URL: http://ncaasoccerplayerageny.com
Full analysis: https://app.any.run/tasks/b9be7386-1d3f-4003-8064-866bcd6526b5
Verdict: Malicious activity
Analysis date: October 14, 2019, 20:14:55
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)

Indicators:
MD5: 4F583B78E38E049DFD120A0EB33149AA
SHA1: 72366428BCAEB7896B1A2A6D6E99B04D6783DE79
SHA256: 85F522BC6C178A6560E3EFAC14780DE19A74DFB779E72336A8101734283F7D79
SSDEEP: 3:N1KQeRyR6GKI:CQegR6K

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided as-is for the user's information. ANY.RUN does not guarantee maliciousness or safety of the content.

MALICIOUS: no malicious indicators.
SUSPICIOUS: no suspicious indicators.
INFO:
  • Changes internet zones settings: iexplore.exe (PID: 2168)
  • Application launched itself: iexplore.exe (PID: 2168)
  • Reads Internet Cache Settings: iexplore.exe (PID: 2168), iexplore.exe (PID: 1152)
  • Reads internet explorer settings: iexplore.exe (PID: 1152)
No malware configuration.
Screenshots: not reproduced here; available in the full report.
Total processes: 36
Monitored processes: 2
Malicious processes: 0
Suspicious processes: 0

Behavior graph: start -> iexplore.exe (PID 2168) -> iexplore.exe (PID 1152)

Process information

PID 2168
  CMD: "C:\Program Files\Internet Explorer\iexplore.exe" -nohome
  Path: C:\Program Files\Internet Explorer\iexplore.exe
  Indicators: none listed (INFO signatures only, see above)
  Parent process: explorer.exe
  User: admin
  Company: Microsoft Corporation
  Integrity level: MEDIUM
  Description: Internet Explorer
  Version: 8.00.7600.16385 (win7_rtm.090713-1255)

PID 1152
  CMD: "C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:2168 CREDAT:71937
  Path: C:\Program Files\Internet Explorer\iexplore.exe
  Indicators: none listed (INFO signatures only, see above)
  Parent process: iexplore.exe (PID 2168)
  User: admin
  Company: Microsoft Corporation
  Integrity level: LOW
  Description: Internet Explorer
  Version: 8.00.7600.16385 (win7_rtm.090713-1255)

PID 2168 is the IE frame (broker) process and PID 1152 is the tab process it spawned: the SCODEF:<parent PID> CREDAT:<n> arguments and the LOW integrity level are how IE launches a Protected Mode tab, which is also what the "Application launched itself" signature reflects. Every page request in this session came from the low-integrity tab process; the frame process fetched only favicons.
Total events: 388 (read: 327, write: 0, delete: 0)
Modification events: no data
Executable files: 0
Suspicious files: 0
Text files: 12
Unknown types: 5

Dropped files (the listing shows 10 of the 17 files counted above; all are Internet Explorer cache and history artifacts)

2168 iexplore.exe
  C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LH043OAM\favicon[1].ico
  Type: not shown; MD5: not shown; SHA256: not shown
2168 iexplore.exe
  C:\Users\admin\AppData\LocalLow\Microsoft\Internet Explorer\Services\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico
  Type: not shown; MD5: not shown; SHA256: not shown
1152 iexplore.exe
  C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\index.dat
  Type: dat
  MD5: 0A116BFD8181B4567B4061095BC99614
  SHA256: AAF0D89D48D0A112C9686DC9B7735C35E917B64DF4C1264B1D1A4C6B8B5CD200
1152 iexplore.exe
  C:\Users\admin\AppData\Local\Microsoft\Windows\History\Low\History.IE5\index.dat
  Type: dat
  MD5: 8B019B3627C2CD174A230B331F853E56
  SHA256: 19F0839922460EAA87433CA44E4CEEAB5FAAAEE9DCC1794EC0ADF52584D0CFC5
1152 iexplore.exe
  C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\GXEYTUHT\desktop.ini
  Type: ini
  MD5: 4A3DEB274BB5F0212C2419D3D8D08612
  SHA256: 2842973D15A14323E08598BE1DFB87E54BF88A76BE8C7BC94C56B079446EDF38
1152 iexplore.exe
  C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\PYVHCLIN\style[1].css
  Type: text
  MD5: 96F84D0985AF87B4D4F6AE8816F9C5C5
  SHA256: 93A1109ADA0CD55DEDEAF7E9C4251A7F91AC3C3E1AB85E25E37B6CD4E47D504B
1152 iexplore.exe
  C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\GXEYTUHT\caf[1].js
  Type: text
  MD5: BF0FB0E5EEDE0D518963E4C319F98113
  SHA256: C9F620EE86C31C07C60F98AAA3A8AD3030C1C2552C28D6E02667E298573E5902
2168 iexplore.exe
  C:\Users\admin\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012019101420191015\index.dat
  Type: dat
  MD5: 89849E26AEB06ECF55ABFD800FEACC3C
  SHA256: 2BBF0B1A7C9D60720535CAA0AD6B7029B9E3011C86C11867B235E3D28A3C7C4E
1152 iexplore.exe
  C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\8VUEIFWU\jsparkcaf[1].php
  Type: html
  MD5: BCD123998957F283546AE72DB1B82AEB
  SHA256: A585BAE47948C8FB9DC5CBFA126AAB64C5CE631CBC8B2196561E593892251F26
1152 iexplore.exe
  C:\Users\admin\AppData\Local\Microsoft\Windows\History\Low\History.IE5\MSHist012019101420191015\index.dat
  Type: dat
  MD5: BCFB90D67394BC8EDF033588739CE41C
  SHA256: E8737324E52AD8B05846971FB598D4F6FFA88CF5E239E3F60A3B8BD0E8C18AF8
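Reading the dropped-files listing programmatically. In the raw export each record fuses PID, process name, path and type into one line ("index.datdat" is index.dat plus the type label "dat"), with the MD5 and SHA256 on the two following lines. The Python below is an added example, not ANY.RUN's code: it parses the records exactly as they appear in the raw export (the sample text is copied from this report) and returns the entries that carry a hash, which are the only ones usable as file IOCs. The KNOWN_TYPES vocabulary is an assumption drawn from the Type values seen on this page.

```python
"""Parse the flattened 'Dropped files' records of an ANY.RUN report export (added example)."""
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Type labels seen in this report's Type column (assumption: extend as needed).
# In the export the label is fused onto the end of the path: "index.datdat".
KNOWN_TYPES = ("text", "html", "image", "dat", "ini")

# "<pid><process>.exe<drive>:\<path>[<type>]": the process name ends in .exe and
# the path starts with a drive letter, so the field boundaries are unambiguous.
RECORD_RE = re.compile(r"^(?P<pid>\d+)(?P<process>\S+?\.exe)(?P<rest>[A-Za-z]:\\.*)$")


@dataclass
class DroppedFile:
    pid: int
    process: str
    path: str
    ftype: Optional[str]
    md5: Optional[str] = None
    sha256: Optional[str] = None

    @property
    def filename(self) -> str:
        return self.path.rsplit("\\", 1)[-1]


def split_type(rest: str) -> Tuple[str, Optional[str]]:
    """Peel a fused type label off the end of the path, if one is present."""
    for label in KNOWN_TYPES:
        if rest.endswith(label):
            path = rest[: -len(label)]
            # Require a filename with an extension to remain, so a file whose
            # name merely ends in e.g. "ini" is not truncated.
            if "." in path.rsplit("\\", 1)[-1]:
                return path, label
    return rest, None


def parse_dropped_files(text: str) -> List[DroppedFile]:
    records: List[DroppedFile] = []
    for line in text.splitlines():
        line = line.strip()
        m = RECORD_RE.match(line)
        if m:
            path, ftype = split_type(m["rest"])
            records.append(DroppedFile(int(m["pid"]), m["process"], path, ftype))
        elif records and line.startswith("MD5:"):
            records[-1].md5 = line[4:].strip() or None  # empty value -> None
        elif records and line.startswith("SHA256:"):
            records[-1].sha256 = line[7:].strip() or None
    return records


def hashed_iocs(records: List[DroppedFile]) -> List[Tuple[str, str]]:
    """(sha256, filename) pairs for entries that carry a hash; entries without
    one cannot be matched against anything and are dropped."""
    return [(r.sha256, r.filename) for r in records if r.sha256]


# Sample input: the ten records copied verbatim from the raw listing in this report.
SAMPLE = r"""
2168iexplore.exeC:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LH043OAM\favicon[1].ico
MD5:
SHA256:
2168iexplore.exeC:\Users\admin\AppData\LocalLow\Microsoft\Internet Explorer\Services\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico
MD5:
SHA256:
1152iexplore.exeC:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\index.datdat
MD5:0A116BFD8181B4567B4061095BC99614
SHA256:AAF0D89D48D0A112C9686DC9B7735C35E917B64DF4C1264B1D1A4C6B8B5CD200
1152iexplore.exeC:\Users\admin\AppData\Local\Microsoft\Windows\History\Low\History.IE5\index.datdat
MD5:8B019B3627C2CD174A230B331F853E56
SHA256:19F0839922460EAA87433CA44E4CEEAB5FAAAEE9DCC1794EC0ADF52584D0CFC5
1152iexplore.exeC:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\GXEYTUHT\desktop.iniini
MD5:4A3DEB274BB5F0212C2419D3D8D08612
SHA256:2842973D15A14323E08598BE1DFB87E54BF88A76BE8C7BC94C56B079446EDF38
1152iexplore.exeC:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\PYVHCLIN\style[1].csstext
MD5:96F84D0985AF87B4D4F6AE8816F9C5C5
SHA256:93A1109ADA0CD55DEDEAF7E9C4251A7F91AC3C3E1AB85E25E37B6CD4E47D504B
1152iexplore.exeC:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\GXEYTUHT\caf[1].jstext
MD5:BF0FB0E5EEDE0D518963E4C319F98113
SHA256:C9F620EE86C31C07C60F98AAA3A8AD3030C1C2552C28D6E02667E298573E5902
2168iexplore.exeC:\Users\admin\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012019101420191015\index.datdat
MD5:89849E26AEB06ECF55ABFD800FEACC3C
SHA256:2BBF0B1A7C9D60720535CAA0AD6B7029B9E3011C86C11867B235E3D28A3C7C4E
1152iexplore.exeC:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\8VUEIFWU\jsparkcaf[1].phphtml
MD5:BCD123998957F283546AE72DB1B82AEB
SHA256:A585BAE47948C8FB9DC5CBFA126AAB64C5CE631CBC8B2196561E593892251F26
1152iexplore.exeC:\Users\admin\AppData\Local\Microsoft\Windows\History\Low\History.IE5\MSHist012019101420191015\index.datdat
MD5:BCFB90D67394BC8EDF033588739CE41C
SHA256:E8737324E52AD8B05846971FB598D4F6FFA88CF5E239E3F60A3B8BD0E8C18AF8
"""

if __name__ == "__main__":
    for sha, name in hashed_iocs(parse_dropped_files(SAMPLE)):
        print(sha, name)
```

Eight of the ten records come out with hashes; the two favicon entries have none and are dropped. Note that every hashed file here is an IE index.dat, desktop.ini or cached page asset, so these hashes identify this browsing session's cache rather than anything the site delivered as a payload.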
HTTP(S) requests: 12
TCP/UDP connections: 13
DNS requests: 10
Threats: 0

HTTP requests (10 of the 12 counted are listed; a dash in Code/Type/Size means no response was recorded)

PID   Process       Method  Code  IP:port             CN  Type   Size     Reputation   URL
1152  iexplore.exe  GET     200   13.35.253.54:80     US  text   343 b    whitelisted  http://i.cdnpark.com/themes/assets/style.css
1152  iexplore.exe  GET     200   185.53.179.29:80    DE  html   2.50 Kb  whitelisted  http://parkingcrew.net/jsparkcaf.php?regcn=243142&_v=2&_h=www.ncaasoccerplayerageny.com&_t=1571084136780
2168  iexplore.exe  GET     200   204.79.197.200:80   US  image  237 b    whitelisted  http://www.bing.com/favicon.ico
1152  iexplore.exe  GET     200   185.53.178.30:80    DE  text   2.92 Kb  whitelisted  http://js.parkingcrew.net/assets/scripts/registrar-caf/243142.js
2168  iexplore.exe  GET     -     198.54.117.216:80   US  -      -        malicious    http://www.ncaasoccerplayerageny.com/favicon.ico
1152  iexplore.exe  GET     200   13.35.253.54:80     US  text   1.73 Kb  whitelisted  http://i.cdnpark.com/themes/registrar/style_namecheap.css
1152  iexplore.exe  GET     200   172.217.16.132:80   US  text   54.9 Kb  whitelisted  http://www.google.com/adsense/domains/caf.js
1152  iexplore.exe  GET     200   198.54.117.211:80   US  html   4.99 Kb  malicious    http://www.ncaasoccerplayerageny.com/
1152  iexplore.exe  GET     302   192.64.119.43:80    US  html   60 b     suspicious   http://ncaasoccerplayerageny.com/
1152  iexplore.exe  GET     200   185.53.178.30:80    DE  text   5.51 Kb  whitelisted  http://js.parkingcrew.net/assets/scripts/jsparkcaf.js

What the requests show: the submitted apex domain answers with a 60-byte 302, and the www host serves a 4.99 Kb page that pulls registrar parking assets (style_namecheap.css from i.cdnpark.com, the registrar-caf and jsparkcaf scripts from parkingcrew.net, and Google's adsense/domains/caf.js), i.e. a Namecheap domain-parking page. The "malicious" and "suspicious" labels are ANY.RUN host-reputation tags, not detections: the session produced no threats, no malicious or suspicious indicators, and no written files beyond the IE cache. The www.bing.com favicon fetched by the frame process (PID 2168) is IE's search-provider icon (compare the Services\search_{...}.ico cache entry under dropped files), not traffic generated by the site.

Connections (10 of the 13 counted are listed; rows exported without a PID or ASN are shown with a dash)

PID   Process       IP:port             Domain                          ASN                    CN  Reputation
2168  iexplore.exe  204.79.197.200:80   www.bing.com                    Microsoft Corporation  US  whitelisted
1152  iexplore.exe  198.54.117.216:80   www.ncaasoccerplayerageny.com   Namecheap, Inc.        US  malicious
1152  iexplore.exe  192.64.119.43:80    ncaasoccerplayerageny.com       Namecheap, Inc.        US  suspicious
1152  iexplore.exe  198.54.117.211:80   www.ncaasoccerplayerageny.com   Namecheap, Inc.        US  malicious
1152  iexplore.exe  13.35.253.54:80     i.cdnpark.com                   -                      US  unknown
2168  iexplore.exe  198.54.117.216:80   www.ncaasoccerplayerageny.com   Namecheap, Inc.        US  malicious
-     -             185.53.179.29:80    parkingcrew.net                 Team Internet AG       DE  malicious
1152  iexplore.exe  172.217.16.132:80   www.google.com                  Google Inc.            US  whitelisted
1152  iexplore.exe  172.217.22.67:80    www.gstatic.com                 Google Inc.            US  whitelisted
-     -             13.35.253.54:80     i.cdnpark.com                   -                      US  unknown

The reputation tags are not consistent across sections of the report: parkingcrew.net is "malicious" here but "whitelisted" in the HTTP and DNS tables, and i.cdnpark.com is "unknown" here but "whitelisted" under DNS. Treat them as lookup results for the host, not as evidence about this session.

DNS requests (9 of the 10 counted are listed)

Domain                          Resolved IPs                                                                                                   Reputation
www.bing.com                    204.79.197.200, 13.107.21.200                                                                                  whitelisted
ncaasoccerplayerageny.com       192.64.119.43                                                                                                  suspicious
www.ncaasoccerplayerageny.com   198.54.117.216, 198.54.117.211, 198.54.117.215, 198.54.117.217, 198.54.117.212, 198.54.117.218, 198.54.117.210   malicious
dns.msftncsi.com                131.107.255.255                                                                                                shared
i.cdnpark.com                   13.35.253.54, 13.35.253.80, 13.35.253.65, 13.35.253.110                                                        whitelisted
parkingcrew.net                 185.53.179.29                                                                                                  whitelisted
www.google.com                  172.217.16.132                                                                                                 whitelisted
js.parkingcrew.net              185.53.178.30                                                                                                  whitelisted
www.gstatic.com                 172.217.22.67                                                                                                  whitelisted

dns.msftncsi.com is the Windows Network Connectivity Status Indicator probe, background traffic from the sandbox image rather than activity of the submitted URL.

Threats: none detected
Debug info: none