File name: job_presentation_g2s.js

Full analysis: https://app.any.run/tasks/bc9e99f8-9dc1-44ca-a59c-05ac6d30ef77
Verdict: Malicious activity
Threats:

Trojans are a group of malicious programs distinguished by their ability to masquerade as benign software. Depending on their type, trojans possess a variety of capabilities, ranging from maintaining full remote control over the victim’s machine to stealing data and files, as well as dropping other malware. At the same time, the main functionality of each trojan family can differ significantly depending on its type. The most common trojan infection chain starts with a phishing email.

Analysis date: February 22, 2020, 00:10:47
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Tags: trojan, gozi, ursnif
Indicators:
MIME: text/plain
File info: ASCII text, with very long lines, with no line terminators
MD5: 29B39338849F9C254F1C930E0811C8BB
SHA1: A0FB6C1A9B2797E1498B3876DAB36DA96D55F33D
SHA256: 81918E536EB758639ECDECCA1CB8FDE17285CCFC840711C51671DA0B2688B802
SSDEEP: 3072:LbqynsZU+oJ4riJOpgWFxbMI7TZy+YNWjdWODY5CvDjaZ6h38cO2WChcAUPdIN5P:w

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    • Connects to CnC server

      • iexplore.exe (PID: 1932)
      • iexplore.exe (PID: 1544)
      • iexplore.exe (PID: 2652)
      • iexplore.exe (PID: 3316)
      • regsvr32.exe (PID: 3808)
    • Registers / Runs the DLL via REGSVR32.EXE

      • WScript.exe (PID: 3968)
    • URSNIF was detected

      • iexplore.exe (PID: 1932)
      • iexplore.exe (PID: 1544)
      • iexplore.exe (PID: 2652)
      • iexplore.exe (PID: 3316)
      • regsvr32.exe (PID: 3808)
  • SUSPICIOUS

    • Executable content was dropped or overwritten

      • WScript.exe (PID: 3968)
    • Executed via COM

      • iexplore.exe (PID: 2276)
      • iexplore.exe (PID: 2152)
      • iexplore.exe (PID: 3068)
      • iexplore.exe (PID: 2680)
  • INFO

    • Changes internet zones settings

      • iexplore.exe (PID: 2276)
      • iexplore.exe (PID: 2152)
      • iexplore.exe (PID: 3068)
      • iexplore.exe (PID: 2680)
    • Reads Internet Cache Settings

      • iexplore.exe (PID: 2276)
      • iexplore.exe (PID: 1932)
      • iexplore.exe (PID: 1544)
      • iexplore.exe (PID: 2152)
      • iexplore.exe (PID: 3068)
      • iexplore.exe (PID: 2652)
      • iexplore.exe (PID: 3316)
      • iexplore.exe (PID: 2680)
    • Reads internet explorer settings

      • iexplore.exe (PID: 1932)
      • iexplore.exe (PID: 1544)
      • iexplore.exe (PID: 2652)
      • iexplore.exe (PID: 3316)
    • Application launched itself

      • iexplore.exe (PID: 2152)
      • iexplore.exe (PID: 3068)
    • Reads settings of System Certificates

      • iexplore.exe (PID: 2276)
    • Adds / modifies Windows certificates

      • iexplore.exe (PID: 2276)
    • Changes settings of System certificates

      • iexplore.exe (PID: 2276)
No Malware configuration.
No data.
Total processes: 44
Monitored processes: 10
Malicious processes: 10
Suspicious processes: 0

Behavior graph

[Behavior graph: nodes start, wscript.exe, regsvr32.exe and eight iexplore.exe instances; five nodes carry the #URSNIF tag, three iexplore.exe nodes are marked "no specs"]

Process information

PID 1544 (parent: iexplore.exe)
CMD: "C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:2152 CREDAT:267521 /prefetch:2
Path: C:\Program Files\Internet Explorer\iexplore.exe
User: admin | Company: Microsoft Corporation | Integrity Level: LOW | Description: Internet Explorer | Exit code: 0 | Version: 11.00.9600.16428 (winblue_gdr.131013-1700)
Modules (images): c:\program files\internet explorer\iexplore.exe, c:\systemroot\system32\ntdll.dll, c:\windows\system32\kernel32.dll, c:\windows\system32\kernelbase.dll, c:\windows\system32\msvcrt.dll, c:\windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll, c:\windows\system32\advapi32.dll, c:\windows\system32\sechost.dll, c:\windows\system32\rpcrt4.dll, c:\windows\system32\iertutil.dll

PID 1932 (parent: iexplore.exe)
CMD: "C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:2276 CREDAT:267521 /prefetch:2
Path: C:\Program Files\Internet Explorer\iexplore.exe
User: admin | Company: Microsoft Corporation | Integrity Level: LOW | Description: Internet Explorer | Exit code: 0 | Version: 11.00.9600.16428 (winblue_gdr.131013-1700)
Modules (images): c:\program files\internet explorer\iexplore.exe, c:\systemroot\system32\ntdll.dll, c:\windows\system32\kernel32.dll, c:\windows\system32\kernelbase.dll, c:\windows\system32\msvcrt.dll, c:\windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll, c:\windows\system32\advapi32.dll, c:\windows\system32\sechost.dll, c:\windows\system32\rpcrt4.dll, c:\windows\system32\iertutil.dll

PID 2152 (parent: svchost.exe)
CMD: "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
Path: C:\Program Files\Internet Explorer\iexplore.exe
User: admin | Company: Microsoft Corporation | Integrity Level: MEDIUM | Description: Internet Explorer | Exit code: 1 | Version: 11.00.9600.16428 (winblue_gdr.131013-1700)
Modules (images): c:\program files\internet explorer\iexplore.exe, c:\systemroot\system32\ntdll.dll, c:\windows\system32\kernel32.dll, c:\windows\system32\kernelbase.dll, c:\windows\system32\msvcrt.dll, c:\windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll, c:\windows\system32\advapi32.dll, c:\windows\system32\sechost.dll, c:\windows\system32\rpcrt4.dll, c:\windows\system32\iertutil.dll

PID 2276 (parent: svchost.exe)
CMD: "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
Path: C:\Program Files\Internet Explorer\iexplore.exe
User: admin | Company: Microsoft Corporation | Integrity Level: MEDIUM | Description: Internet Explorer | Exit code: 1 | Version: 11.00.9600.16428 (winblue_gdr.131013-1700)
Modules (images): c:\program files\internet explorer\iexplore.exe, c:\systemroot\system32\ntdll.dll, c:\windows\system32\kernel32.dll, c:\windows\system32\kernelbase.dll, c:\windows\system32\msvcrt.dll, c:\windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll, c:\windows\system32\advapi32.dll, c:\windows\system32\sechost.dll, c:\windows\system32\rpcrt4.dll, c:\windows\system32\iertutil.dll

PID 2652 (parent: iexplore.exe)
CMD: "C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:3068 CREDAT:267521 /prefetch:2
Path: C:\Program Files\Internet Explorer\iexplore.exe
User: admin | Company: Microsoft Corporation | Integrity Level: LOW | Description: Internet Explorer | Exit code: 0 | Version: 11.00.9600.16428 (winblue_gdr.131013-1700)
Modules (images): c:\program files\internet explorer\iexplore.exe, c:\systemroot\system32\ntdll.dll, c:\windows\system32\kernel32.dll, c:\windows\system32\kernelbase.dll, c:\windows\system32\msvcrt.dll, c:\windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll, c:\windows\system32\advapi32.dll, c:\windows\system32\sechost.dll, c:\windows\system32\rpcrt4.dll, c:\windows\system32\iertutil.dll

PID 2680 (parent: svchost.exe)
CMD: "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
Path: C:\Program Files\Internet Explorer\iexplore.exe
User: admin | Company: Microsoft Corporation | Integrity Level: MEDIUM | Description: Internet Explorer | Exit code: 1 | Version: 11.00.9600.16428 (winblue_gdr.131013-1700)
Modules (images): c:\program files\internet explorer\iexplore.exe, c:\systemroot\system32\ntdll.dll, c:\windows\system32\kernel32.dll, c:\windows\system32\kernelbase.dll, c:\windows\system32\msvcrt.dll, c:\windows\system32\advapi32.dll, c:\windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll, c:\windows\system32\sechost.dll, c:\windows\system32\rpcrt4.dll, c:\windows\system32\api-ms-win-downlevel-version-l1-1-0.dll

PID 3068 (parent: svchost.exe)
CMD: "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
Path: C:\Program Files\Internet Explorer\iexplore.exe
User: admin | Company: Microsoft Corporation | Integrity Level: MEDIUM | Description: Internet Explorer | Exit code: 1 | Version: 11.00.9600.16428 (winblue_gdr.131013-1700)
Modules (images): c:\program files\internet explorer\iexplore.exe, c:\systemroot\system32\ntdll.dll, c:\windows\system32\kernel32.dll, c:\windows\system32\kernelbase.dll, c:\windows\system32\msvcrt.dll, c:\windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll, c:\windows\system32\advapi32.dll, c:\windows\system32\sechost.dll, c:\windows\system32\rpcrt4.dll, c:\windows\system32\iertutil.dll

PID 3316 (parent: iexplore.exe)
CMD: "C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:2680 CREDAT:267521 /prefetch:2
Path: C:\Program Files\Internet Explorer\iexplore.exe
User: admin | Company: Microsoft Corporation | Integrity Level: LOW | Description: Internet Explorer | Exit code: 0 | Version: 11.00.9600.16428 (winblue_gdr.131013-1700)
Modules (images): c:\program files\internet explorer\iexplore.exe, c:\systemroot\system32\ntdll.dll, c:\windows\system32\kernel32.dll, c:\windows\system32\kernelbase.dll, c:\windows\system32\msvcrt.dll, c:\windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll, c:\windows\system32\advapi32.dll, c:\windows\system32\sechost.dll, c:\windows\system32\rpcrt4.dll, c:\windows\system32\iertutil.dll

PID 3808 (parent: WScript.exe)
CMD: "C:\Windows\System32\regsvr32.exe" -s C:\Users\admin\AppData\Local\Temp\\SPMtc.txt
Path: C:\Windows\System32\regsvr32.exe
User: admin | Company: Microsoft Corporation | Integrity Level: MEDIUM | Description: Microsoft(C) Register Server | Exit code: 0 | Version: 6.1.7600.16385 (win7_rtm.090713-1255)
Modules (images): c:\windows\system32\regsvr32.exe, c:\systemroot\system32\ntdll.dll, c:\windows\system32\kernel32.dll, c:\windows\system32\kernelbase.dll, c:\windows\system32\advapi32.dll, c:\windows\system32\msvcrt.dll, c:\windows\system32\sechost.dll, c:\windows\system32\rpcrt4.dll, c:\windows\system32\user32.dll, c:\windows\system32\gdi32.dll

PID 3968 (parent: explorer.exe)
CMD: "C:\Windows\System32\WScript.exe" "C:\Users\admin\Desktop\job_presentation_g2s.js"
Path: C:\Windows\System32\WScript.exe
User: admin | Company: Microsoft Corporation | Integrity Level: MEDIUM | Description: Microsoft ® Windows Based Script Host | Exit code: 0 | Version: 5.8.7600.16385
Modules (images): c:\windows\system32\wscript.exe, c:\systemroot\system32\ntdll.dll, c:\windows\system32\kernel32.dll, c:\windows\system32\kernelbase.dll, c:\windows\system32\advapi32.dll, c:\windows\system32\msvcrt.dll, c:\windows\system32\sechost.dll, c:\windows\system32\rpcrt4.dll, c:\windows\system32\user32.dll, c:\windows\system32\gdi32.dll
Total events: 8 257
Read events: 1 410
Write events: 4 597
Delete events: 2 250

Modification events

(PID 3968) WScript.exe | Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap | Operation: write | Name: UNCAsIntranet | Value: 0
(PID 3968) WScript.exe | Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap | Operation: write | Name: AutoDetect | Value: 1
(PID 2276) iexplore.exe | Key: HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\UrlBlockManager | Operation: write | Name: NextCheckForUpdateLowDateTime | Value: 3224432108
(PID 2276) iexplore.exe | Key: HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\UrlBlockManager | Operation: write | Name: NextCheckForUpdateHighDateTime | Value: 30796052
(PID 2276) iexplore.exe | Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Content | Operation: write | Name: CachePrefix | Value: (empty)
(PID 2276) iexplore.exe | Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies | Operation: write | Name: CachePrefix | Value: Cookie:
(PID 2276) iexplore.exe | Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History | Operation: write | Name: CachePrefix | Value: Visited:
(PID 2276) iexplore.exe | Key: HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main | Operation: write | Name: CompatibilityFlags | Value: 0
(PID 2276) iexplore.exe | Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings | Operation: write | Name: ProxyEnable | Value: 0
(PID 2276) iexplore.exe | Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections | Operation: write | Name: SavedLegacySettings | Value: (not shown)
Executable files: 1
Suspicious files: 7
Text files: 33
Unknown types: 3

Dropped files (PID, process, filename, type, hashes)

2276 iexplore.exe | C:\Users\admin\AppData\Local\Temp\~DF0412C4B1586C8FDF.TMP | type: not listed | MD5/SHA256: not listed
2276 iexplore.exe | C:\Users\admin\AppData\Local\Temp\~DF5BE773DF84D4963C.TMP | type: not listed | MD5/SHA256: not listed
2276 iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Internet Explorer\Recovery\Active\RecoveryStore.{EBF24D5F-5507-11EA-972D-5254004A04AF}.dat | type: not listed | MD5/SHA256: not listed
3968 WScript.exe | C:\Users\admin\AppData\Local\Temp\pwkrZgaluM.DKBR | type: text | MD5/SHA256: not listed
3968 WScript.exe | C:\Users\admin\AppData\Local\Temp\SPMtc.txt | type: executable | MD5/SHA256: not listed
2276 iexplore.exe | C:\Users\admin\AppData\Local\Temp\CabD3AF.tmp | type: not listed | MD5/SHA256: not listed
2276 iexplore.exe | C:\Users\admin\AppData\Local\Temp\TarD3B0.tmp | type: not listed | MD5/SHA256: not listed
1932 iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\YTOWV792\errorPageStrings[1] | type: text | MD5/SHA256: not listed
1932 iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\DY534W2X\ErrorPageTemplate[1] | type: text | MD5: F4FE1CB77E758E1BA56B8A8EC20417C5 | SHA256: 8D018639281B33DA8EB3CE0B21D11E1D414E59024C3689F92BE8904EB5779B5F
2152 iexplore.exe | C:\Users\admin\AppData\Local\Temp\~DFEAC5F63BFF0B88B7.TMP | type: not listed | MD5/SHA256: not listed
HTTP(S) requests: 44
TCP/UDP connections: 51
DNS requests: 7
Threats: 114

HTTP requests (PID, process, method, HTTP code, IP, URL, CN, type, size, reputation)

2276 iexplore.exe | GET 200 | 93.184.220.29:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEA8sEMlbBsCTf7jUSfg%2BhWk%3D | US | der | 1.47 Kb | whitelisted
2276 iexplore.exe | GET 200 | 93.184.220.29:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEA8sEMlbBsCTf7jUSfg%2BhWk%3D | US | der | 1.47 Kb | whitelisted
3316 iexplore.exe | GET 404 | 31.184.254.193:80 | http://ad1.wensa.at/api1/ya75tal3/hEz0gFnNwEJwdODXILdHwWQ/hdIe4qdXnL/tocJH6VENM6ObuYbI/xP5lm90vdAPD/_2Bn3CMUCSn/eIwBt1WMLWouWY/ij_2F2De_2FB7S1ihyaz1/l2ZSVL58rLzAKdqM/JmB_2BbcHRY6ldP/cIFtK8QmCICXPw8HEz/_2BE2r5Du/460AL8zVmkQg9JyQNQYi/S5jO37EhZZDQUarTjlW/dvUA_2BMkF8_2BuGcE6qIY/vFd86naM3pyNz/isM3heDd/ArcMclHrAw_0A_0DSWM60rZ/UPUILnm2XVxgpUE2t/EU | RU | html | 123 b | whitelisted
2652 iexplore.exe | GET 404 | 31.184.254.193:80 | http://nort.calag.at/api1/T_2BIi9cndgE7hj9/Ed79Q_2BzJjbyMT/5plzX7Ns85QmYlPFku/NX5XJM04I/G6n5qJ3AhnpPHudoxMHe/NkJa0cs998WWDT5vwRp/RczzAJmqJaCcUZTykl2Xm8/gpNdfFTHLmg03/eN909NzB/38g_2FUXmbcWGvHKlEhDxHe/PBLSZbfWCw/abmzQWugDNWOHsfh7/hgOr8XjKRH6p/oCjx7toWqHf/s60zHpRHyFK9wg/td7BoeLVy3f11b_2Fgwqu/_2Bap2jx3qvG9w_0/A_0D_2BNkbgjNFb/_2FivPOcpP2MtvMo/bf8 | RU | html | 123 b | malicious
2276 iexplore.exe | GET 200 | 93.184.220.29:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEA8sEMlbBsCTf7jUSfg%2BhWk%3D | US | der | 1.47 Kb | whitelisted
1544 iexplore.exe | GET 404 | 31.184.254.193:80 | http://ad1.wensa.at/api1/S03zLqUp/1Is_2FtBJz6P7WpWdrqMU6e/_2FZujwC9j/q8ROG0wUMXGe1XOG_/2BROQ3CJf9N9/1o7malJymWw/x6eUPN29fHqt7j/Z9cHchugO71gTtVSQ7OLB/fTbR4ean5_2B6Z15/qIdIOEs5DJNxwBP/7b1PxvRYNodsgkttqT/vIeCf4ZE2/K5gwXaRpKk4c5ieuTS54/qzisx6pdJzbdDHLaQqw/APMk2JuqPVoC0nq48eS_2F/rbvg6AHgeCUKM/CHJ5GOZE/pv3mSQ_0A_0DteXNnZ_2FxX/VJwRxcWfi0c8K/nHda | RU | html | 123 b | whitelisted
1932 iexplore.exe | GET 404 | 31.184.254.193:80 | http://ad1.wensa.at/api1/5P0YpMC_2BygynR/h1AFkFLgunsqBzwh1F/T76x9PQVz/_2BBPicyz_2Fr29oRy7r/FIQ_2F_2BuwIbIoU9Zf/HkA7dWFOO3ae_2FwrbyCRU/wJR9j7YE8Uf7H/3ONRILnW/d0xZ8gG3fvtYn4SrqbSLKWc/RAlCfF4k_2/FVCOYl5RUw106Foi4/fWnF0vl_2FxY/kZzOBUaNvLR/gkV9HPoE6lStFf/Qlgi2r_2FfV_2Bi_2BD6d/n6ozXpU4YQlyySA5/m_2B0g2VS3hZSsW/37TBpObFLFtwe_0A_0/Dw0YmXTBD/lxb1ZG3pxZ/nNgifrjy | RU | html | 123 b | whitelisted
3808 regsvr32.exe | GET 404 | 31.184.254.193:80 | http://ad1.wensa.at/api1/3DRapPOG/JpZ3v3hddFsULqThH7qNy94/TAj_2BNnmQ/6x6JUjYdh5E64MfHG/iOaH792aQeay/XiArnbsH0Dy/gOSLMHFTDO9xBn/5xzBoBqEQt0wBC_2BNyW8/B5VvDiq2VkVjuUsS/BH2fN8EUcYxYj8h/KEMnc8wYu97DXg5t_2/BVvYo2zLv/1l9Ko5nesY375rl5vapw/CQRYUr9Q7teNai3_2FE/k_2FRFe_2FiE98Pt4ZRPIr/dkKiP1TdYPbfe/3X8zc7sa/lhjOTUBj_0A_0DpftQDv_2F/cY_2FFTaU/YE9bpYgFKB_2F/1 | RU | html | 162 b | whitelisted
3808 regsvr32.exe | GET 404 | 31.184.254.193:80 | http://ad1.wensa.at/api1/FvY5j1j7ds/u6UyrmKrbM1IEy_2F/VWXvbHqsJ0Y5/oxbVWJyw93F/W97k2sQz99R9FP/DCGgVEuruaQI9Wxh_2Bge/gB880mcYB3w_2B6o/y8rFnScC2g_2FR3/lu41YBs47w7yPcwVfr/NwzoMxt_2/BAEGyfbBng1Suumq63Am/62kI6vDbRbyDX_2FMh8/hvoSWPDfTqJF1SlRbP5YFq/ZXrWyoDTmXB97/KXfMwuQc/2VJqtLbrTlDo8dNHYXkF_2B/RiVkK0OOvb/P1KnKI84_0A_0DcuQ/c6sFekwjFRaV/F77WGvrmr/N7 | RU | html | 162 b | whitelisted
3808 regsvr32.exe | GET 404 | 31.184.254.193:80 | http://nort.calag.at/api1/xZvgdBKWy/CUyrJsNRzw58znhlalC2/GmhdDU4QZpy65Dzi2yg/WZt5cV1fbhXoSimSh00uGH/MWvv9pf4diSq4/NIkwCq1u/JA8VTdsKRxxZtRA1utVYavU/qBzqfuYvpd/4d4A64omkrxqiH072/GtboF4RFaErP/G4CwWEcEwQ8/ubwhHtPlAlMd_2/FU_2F5hIZSKUBYm4km3zy/WHeN60D7a5Srz_2F/_2BU3R1asiPC05b/qUI6Fbuv8qASX6Glu8/mBUmusmj_/2FaQd_0A_0Drc850Cyv1/g6nuSduU/bjV9PnNK/f | RU | html | 162 b | malicious

Connections (PID, process, IP, domain, ASN, CN, reputation)

1932 iexplore.exe | 31.184.254.193:80 | ad1.wensa.at | ASN: not listed | RU | malicious
2276 iexplore.exe | 152.199.19.161:443 | iecvlist.microsoft.com | ASN: MCI Communications Services, Inc. d/b/a Verizon Business | US | whitelisted
3316 iexplore.exe | 31.184.254.193:80 | ad1.wensa.at | ASN: not listed | RU | malicious
3808 regsvr32.exe | 31.184.254.193:80 | ad1.wensa.at | ASN: not listed | RU | malicious
3808 regsvr32.exe | 31.184.254.193:80 | ad1.wensa.at | ASN: not listed | RU | malicious
1544 iexplore.exe | 31.184.254.193:80 | ad1.wensa.at | ASN: not listed | RU | malicious
2652 iexplore.exe | 31.184.254.193:80 | ad1.wensa.at | ASN: not listed | RU | malicious
2276 iexplore.exe | 93.184.220.29:80 | ocsp.digicert.com | ASN: MCI Communications Services, Inc. d/b/a Verizon Business | US | whitelisted

DNS requests (domain, IP, reputation)

ad1.wensa.at | 31.184.254.193 | whitelisted
iecvlist.microsoft.com | 152.199.19.161 | whitelisted
r20swj13mr.microsoft.com | 152.199.19.161 | whitelisted
ocsp.digicert.com | 93.184.220.29 | whitelisted
nort.calag.at | 31.184.254.193 | unknown

Threats (PID, process, class, message)

1932 iexplore.exe | A Network Trojan was detected | MALWARE [PTsecurity] Ursnif
1544 iexplore.exe | A Network Trojan was detected | MALWARE [PTsecurity] Ursnif
2652 iexplore.exe | A Network Trojan was detected | MALWARE [PTsecurity] Ursnif
3316 iexplore.exe | A Network Trojan was detected | MALWARE [PTsecurity] Ursnif
3808 regsvr32.exe | A Network Trojan was detected | MALWARE [PTsecurity] Ursnif (6 alerts)
78 ETPRO signatures available at the full report
No debug info