URL: http://www.ztomy.com/?dn=halalfoodprocessors.com&pid=5PO815561

Full analysis: https://app.any.run/tasks/d768d3bf-4374-488b-9361-f56ed635a8a4
Verdict: Suspicious activity
Analysis date: January 07, 2019, 16:48:56
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Tags: adware
Indicators:
  • MD5: F5D9EA1E3FD1332436FEF5DEFE186BF6
  • SHA1: F0CA5E87AA547CD6E8B0A28BEFC900EAB4F04922
  • SHA256: 81490E312E1C6428D9BA2BFF9C0ADCECD0B8F8AA43CB02045F7A968EF1B4F8ED
  • SSDEEP: 3:N1KJS45MazC9dAWqGPYqWpUn:Cc4J0dzqYYq2U

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS: No malicious indicators.
  • SUSPICIOUS: No suspicious indicators.
  • INFO
    • Reads internet explorer settings
      • iexplore.exe (PID: 3084)
    • Reads Internet Cache Settings
      • iexplore.exe (PID: 3084)
      • iexplore.exe (PID: 2948)
    • Application launched itself
      • iexplore.exe (PID: 2948)
    • Changes internet zones settings
      • iexplore.exe (PID: 2948)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.
No data.
All screenshots are available in the full report
Total processes: 33
Monitored processes: 2
Malicious processes: 0
Suspicious processes: 0

Behavior graph

start → iexplore.exe (PID: 2948) → iexplore.exe (PID: 3084)

Process information

PID: 2948
CMD: "C:\Program Files\Internet Explorer\iexplore.exe" -nohome
Path: C:\Program Files\Internet Explorer\iexplore.exe
Indicators: none listed
Parent process: explorer.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Internet Explorer
Version: 8.00.7600.16385 (win7_rtm.090713-1255)

PID: 3084
CMD: "C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:2948 CREDAT:71937
Path: C:\Program Files\Internet Explorer\iexplore.exe
Indicators: none listed
Parent process: iexplore.exe
User: admin
Company: Microsoft Corporation
Integrity Level: LOW
Description: Internet Explorer
Version: 8.00.7600.16385 (win7_rtm.090713-1255)
Total events: 474
Read events: 375
Write events: 0
Delete events: 0

Modification events

No data
Executable files: 0
Suspicious files: 0
Text files: 14
Unknown types: 2

Dropped files

PID: 2948 (iexplore.exe)
Filename: C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\R9ZEWH8D\favicon[1].ico
MD5:
SHA256:

PID: 2948 (iexplore.exe)
Filename: C:\Users\admin\AppData\LocalLow\Microsoft\Internet Explorer\Services\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico
MD5:
SHA256:

PID: 3084 (iexplore.exe)
Filename: C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\OCDM6JB6\ztomy_com[1].txt
MD5:
SHA256:

PID: 3084 (iexplore.exe)
Filename: C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\BWPPCY0O\ztomy_com[1].txt
MD5:
SHA256:

PID: 2948 (iexplore.exe)
Filename: C:\Users\admin\AppData\Local\Temp\StructuredQuery.log
Type: text
MD5: BC166CAC19959CE9261944A544E2F1D2
SHA256: 61AB5DB33993CE81461AD9995CE600B6AF4A02A2D92C0E43B31EE08E19B6C95C

PID: 2948 (iexplore.exe)
Filename: C:\Users\admin\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012019010720190108\index.dat
Type: dat
MD5: 1ED61B9AB49D141B731F81D8E3A26DA7
SHA256: 85D06969BC32D62870D6689254BB3798D8F4EF0A75A09B29A7D455BA6B2D759F

PID: 3084 (iexplore.exe)
Filename: C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\OCDM6JB6\ztomy_com[1].htm
Type: html
MD5: 04F14C82599EAD0DAAB21573D145DB26
SHA256: F3583FF3D81D6CA97BEDAA0DBA0B08CA825478D1B8CFDF150C2C02CD99C1EE04

PID: 3084 (iexplore.exe)
Filename: C:\Users\admin\AppData\Local\Microsoft\Windows\History\Low\History.IE5\MSHist012019010720190108\index.dat
Type: dat
MD5: 10B9FEB9399684B8DBD41EE43A40FBF9
SHA256: BDAA815AD152C4728EE380BF06DAD6FDF4E21EC901058789E514744DDDF09750

PID: 3084 (iexplore.exe)
Filename: C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\PP6KS563\noConnect[1]
Type: image
MD5: 3CB8FACCD5DE434D415AB75C17E8FD86
SHA256: 6976C426E3AC66D66303C114B22B2B41109A7DE648BA55FFC3E5A53BD0DB09E7

PID: 3084 (iexplore.exe)
Filename: C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\OCDM6JB6\httpErrorPagesScripts[1]
Type: text
MD5: E7CA76A3C9EE0564471671D500E3F0F3
SHA256: 58268CA71A28973B756A48BBD7C9DC2F6B87B62AE343E582CE067C725275B63C
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests: 7
TCP/UDP connections: 4
DNS requests: 2
Threats: 0

HTTP requests

PID: 3084 (iexplore.exe)
Method: GET
HTTP Code: 302
IP: 208.91.196.4:80
URL: http://www.ztomy.com/?dn=halalfoodprocessors.com&pid=5PO815561
CN: VG
Reputation: malicious

PID: 3084 (iexplore.exe)
Method: GET
HTTP Code: 200
IP: 208.91.196.4:80
URL: http://www.ztomy.com/?pid=9PO312GO9&dn=halalfoodprocessors.com&rpid=5PO815561
CN: VG
Type: html
Size: 1.69 Kb
Reputation: malicious

PID: 2948 (iexplore.exe)
Method: GET
HTTP Code: 404
IP: 208.91.196.4:80
URL: http://www.ztomy.com/favicon.ico
CN: VG
Type: text
Size: 30 b
Reputation: malicious

PID: 2948 (iexplore.exe)
Method: GET
HTTP Code: 200
IP: 204.79.197.200:80
URL: http://www.bing.com/favicon.ico
CN: US
Type: image
Size: 237 b
Reputation: whitelisted

PID: 2948 (iexplore.exe)
Method: GET
HTTP Code: 404
IP: 208.91.196.4:80
URL: http://www.ztomy.com/favicon.ico
CN: VG
Type: text
Size: 30 b
Reputation: malicious

PID: 3084 (iexplore.exe)
Method: GET
HTTP Code: 200
IP: 208.91.196.4:80
URL: http://www.ztomy.com/?domain=halalfoodprocessors.com&dn=halalfoodprocessors.com&fp=aHP1mz%2FdEqA3ud3TigRRthU19PgWyYMiP7%2B6cVGo1nVgELp8G29lj%2Frdj0SWgiR4wUpsf5sLTCI%2BLuBgMSk9BKF%2Bl%2B%2B7dOa7ytqChpurxPqyOdSGWOTzo0RAynd1kIdRLdHddFWbSlpMbTx4yCrX%2BiS2X7mIRS9zQSfpgtoRIkcbVL6Eah%2B248rX5GhhgMK0&prvtof=PDxWDHCMlPKF%2FemcT%2Fmlym0ViK8WC8wgTdFMVHiwFLI%3D&poru=mETufQqrPH34TSkIXHaOMCQpvLzJlA2kpyPYrbLjSdrNkFGG4wHCPxoGV1DCAAJG4IA88jOUnmK0FyECSgMcAiA9ZplaHxlv86yjGmTZJYbjB1ZR4cKc1hOjYGqK%2Bmo6&rpid=5PO815561
CN: VG
Type: html
Size: 196 b
Reputation: malicious

PID: 3084 (iexplore.exe)
Method: GET
HTTP Code: 200
IP: 208.91.196.4:80
URL: http://www.ztomy.com/?domain=halalfoodprocessors.com&dn=halalfoodprocessors.com&fp=aHP1mz%2FdEqA3ud3TigRRthU19PgWyYMiP7%2B6cVGo1nVgELp8G29lj%2Frdj0SWgiR4wUpsf5sLTCI%2BLuBgMSk9BKF%2Bl%2B%2B7dOa7ytqChpurxPqyOdSGWOTzo0RAynd1kIdRLdHddFWbSlpMbTx4yCrX%2BiS2X7mIRS9zQSfpgtoRIkcbVL6Eah%2B248rX5GhhgMK0&prvtof=PDxWDHCMlPKF%2FemcT%2Fmlym0ViK8WC8wgTdFMVHiwFLI%3D&poru=mETufQqrPH34TSkIXHaOMCQpvLzJlA2kpyPYrbLjSdrNkFGG4wHCPxoGV1DCAAJG4IA88jOUnmK0FyECSgMcAiA9ZplaHxlv86yjGmTZJYbjB1ZR4cKc1hOjYGqK%2Bmo6&rpid=5PO815561
CN: VG
Type: html
Size: 196 b
Reputation: malicious

Connections

PID: 2948 (iexplore.exe)
IP: 204.79.197.200:80
Domain: www.bing.com
ASN: Microsoft Corporation
CN: US
Reputation: whitelisted

PID: 2948 (iexplore.exe)
IP: 208.91.196.4:80
Domain: www.ztomy.com
ASN: Confluence Networks Inc
CN: VG
Reputation: malicious

PID: 3084 (iexplore.exe)
IP: 208.91.196.4:80
Domain: www.ztomy.com
ASN: Confluence Networks Inc
CN: VG
Reputation: malicious

PID: 3084 (iexplore.exe)
IP: 208.91.196.4:443
Domain: www.ztomy.com
ASN: Confluence Networks Inc
CN: VG
Reputation: malicious

DNS requests

Domain: www.bing.com
IP:
  • 204.79.197.200
  • 13.107.21.200
Reputation: whitelisted

Domain: www.ztomy.com
IP:
  • 208.91.196.4
Reputation: malicious

Threats

PID: 3084 (iexplore.exe)
Class: Misc activity
Message: ADWARE [PTsecurity] InstantAccess

PID: 3084 (iexplore.exe)
Class: Potentially Bad Traffic
Message: SC BAD_UNKNOWN Suspicious Generic

PID: 3084 (iexplore.exe)
Class: Potentially Bad Traffic
Message: SC BAD_UNKNOWN Suspicious Generic
No debug info