URL: https://stratahealth-my.sharepoint.com/:o:/p/howard_waldner/EtGS13yql2VDlPTAmzaBVnABxf86kbqtAiryNLCGdwz7Bg?e=5%3anWF6MT&at=9

Full analysis: https://app.any.run/tasks/c54b0cc8-ccf0-464b-ad12-02e577721305
Verdict: Malicious activity
Analysis date: December 06, 2019, 16:33:33
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:
MD5: 4E8AD67B71CC59A8BF9E78F23E027562
SHA1: C40E536A0BA7D790278EB22F6453689D606BE9CC
SHA256: 87DF418D8ACB990A9481B31627162FAFBF83A19B747DA9F0C17496D78E2D7BA7
SSDEEP: 3:N8cI9/ArL5pA+4YPxJ1wzLkHoUqVrZD2:2c4AfXB4YZJ2QHoUqZZD2

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report may be distorted by the analyst's own actions in the VM and is provided as is, for the user's information. ANY.RUN does not guarantee the maliciousness or safety of the content.
  • MALICIOUS: no malicious indicators.
  • SUSPICIOUS: no suspicious indicators.
  • INFO:
    • Application launched itself: iexplore.exe (PID 2380)
    • Reads internet explorer settings: iexplore.exe (PID 3716)
    • Changes internet zones settings: iexplore.exe (PID 2380)
    • Creates files in the user directory: iexplore.exe (PID 3716)
    • Reads Internet Cache Settings: iexplore.exe (PID 3716)
    • Reads settings of System Certificates: iexplore.exe (PID 2380)
    • Adds / modifies Windows certificates: iexplore.exe (PID 2380)
    • Changes settings of System certificates: iexplore.exe (PID 2380)
Malware configuration: none extracted (no data).
Screenshots: available in the full report.
Processes: total 36, monitored 2, malicious 0, suspicious 0

Behavior graph: start → iexplore.exe (PID 2380) → iexplore.exe (PID 3716)

Process information

PID 2380: "C:\Program Files\Internet Explorer\iexplore.exe" "https://stratahealth-my.sharepoint.com/:o:/p/howard_waldner/EtGS13yql2VDlPTAmzaBVnABxf86kbqtAiryNLCGdwz7Bg?e=5%3anWF6MT&at=9"
  Path: C:\Program Files\Internet Explorer\iexplore.exe
  Parent process: explorer.exe
  User: admin
  Company: Microsoft Corporation
  Integrity level: MEDIUM
  Description: Internet Explorer
  Version: 8.00.7600.16385 (win7_rtm.090713-1255)

PID 3716: "C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:2380 CREDAT:71937
  Path: C:\Program Files\Internet Explorer\iexplore.exe
  Parent process: iexplore.exe
  User: admin
  Company: Microsoft Corporation
  Integrity level: LOW
  Description: Internet Explorer
  Version: 8.00.7600.16385 (win7_rtm.090713-1255)
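The two iexplore.exe rows above are the normal Internet Explorer 8 Protected Mode split on Windows 7: a MEDIUM-integrity frame process started by explorer.exe with the URL, and a LOW-integrity content (tab) process whose command line points back at the frame with SCODEF:2380. The following is an added example, not ANY.RUN's code, that encodes that expectation as a check over process rows of this shape. The report rows are copied from the table above; the extra cmd.exe row in the usage section is constructed to show the check firing and does not appear in the report.

```python
"""Audit Internet Explorer process rows against the Protected Mode layout:
a MEDIUM-integrity frame process launched by the shell, and a LOW-integrity
content process whose command line names its frame with SCODEF:<pid>.

Added example, not ANY.RUN code. REPORT_PROCESSES is copied from the
report's process table; the row built under __main__ is constructed.
"""
import re
from typing import List, Optional, Tuple

SCODEF_RE = re.compile(r"\bSCODEF:(\d+)\b")
IE_IMAGE = r"\iexplore.exe"

# (pid, image path, command line, parent image, integrity level)
Row = Tuple[int, str, str, str, str]

REPORT_PROCESSES: List[Row] = [
    (2380, r"C:\Program Files\Internet Explorer\iexplore.exe",
     r'"C:\Program Files\Internet Explorer\iexplore.exe" '
     r'"https://stratahealth-my.sharepoint.com/:o:/p/howard_waldner/'
     r'EtGS13yql2VDlPTAmzaBVnABxf86kbqtAiryNLCGdwz7Bg?e=5%3anWF6MT&at=9"',
     "explorer.exe", "MEDIUM"),
    (3716, r"C:\Program Files\Internet Explorer\iexplore.exe",
     r'"C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:2380 CREDAT:71937',
     "iexplore.exe", "LOW"),
]


def frame_pid(cmdline: str) -> Optional[int]:
    """PID named by SCODEF:<pid>; present only on IE content (tab) processes."""
    m = SCODEF_RE.search(cmdline)
    return int(m.group(1)) if m else None


def is_ie(image: str) -> bool:
    return image.lower().endswith(IE_IMAGE)


def audit_ie_processes(rows: List[Row]) -> List[str]:
    """Return findings; an empty list means the layout matches expectations."""
    by_pid = {row[0]: row for row in rows}
    findings: List[str] = []
    for pid, image, cmdline, parent, integrity in rows:
        fp = frame_pid(cmdline)
        if is_ie(image) and fp is None:
            # Frame process: owns the window and runs at the user's normal level.
            if integrity != "MEDIUM":
                findings.append(f"{pid}: IE frame process at {integrity}, expected MEDIUM")
        elif is_ie(image):
            # Content process: must point at an existing IE frame and run LOW.
            frame = by_pid.get(fp)
            if frame is None or not is_ie(frame[1]):
                findings.append(f"{pid}: SCODEF:{fp} does not name an iexplore.exe frame in this task")
            if integrity != "LOW":
                findings.append(f"{pid}: IE content process at {integrity}, Protected Mode expects LOW")
        elif parent.lower() == "iexplore.exe":
            # A rendered page should stay inside the browser; anything else
            # started by iexplore.exe is what an analyst would chase first.
            findings.append(f"{pid}: non-browser process {image} started by iexplore.exe")
    return findings


if __name__ == "__main__":
    print("report rows:", audit_ie_processes(REPORT_PROCESSES) or "no findings")
    # Constructed row, not from the report: a shell spawned by the content process.
    constructed = REPORT_PROCESSES + [
        (4242, r"C:\Windows\System32\cmd.exe", "cmd.exe /c whoami", "iexplore.exe", "LOW")]
    print("with constructed row:", audit_ie_processes(constructed))
```

The check is deliberately narrow: it only knows the frame/content relationship and the integrity level each side should have, so on this task it returns no findings, which is consistent with the report listing only two monitored processes and no malicious or suspicious ones.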
Events: total 469 (read 385, write 81, delete 3)

Modification events (all by iexplore.exe, PID 2380; operation: write; shown as key :: name = value)

HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main :: CompatibilityFlags = 0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap :: UNCAsIntranet = 0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap :: AutoDetect = 1
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones :: SecuritySafe = 1
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings :: ProxyEnable = 0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections :: SavedLegacySettings = (binary value not reproduced in this copy of the report)
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Recovery\Active :: {2D89FB3D-1846-11EA-AB41-5254004A04AF} = 0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2670000A-7350-4F3C-8081-5663EE0C6C49}\iexplore :: Type = 4
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2670000A-7350-4F3C-8081-5663EE0C6C49}\iexplore :: Count = 2
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2670000A-7350-4F3C-8081-5663EE0C6C49}\iexplore :: Time = E3070C00050006001000210031009700
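The INFO indicators earlier in the report are ANY.RUN behavioural signatures derived from events like the ones listed above: the ZoneMap and Zones writes are what "Changes internet zones settings" keys on, while the two certificate-store signatures for PID 2380 come from registry writes that are not among the ten events shown in this summary. Note that the summary records no MALICIOUS or SUSPICIOUS signatures and no network threats; the INFO entries are the registry and file activity of Internet Explorer rendering an Office Online (WOPI) document from SharePoint, and the only reputation flag anywhere in the summary is the "suspicious" tag on stratahealth-my.sharepoint.com in the DNS table. The following added example, not ANY.RUN's code, parses the summary's flattened four-line event records and re-derives those signature labels with a small prefix table; the registry prefixes it uses are an assumption approximating ANY.RUN's rules, and the sample records are copied from the table above.

```python
"""Map the flattened 'Modification events' records of an ANY.RUN summary
onto the INFO signature names shown in its Indicators section.

Added example, not ANY.RUN code. The key-prefix rules are this example's
assumption about which registry paths each signature watches; the sample
records are copied from the report above.
"""
import re
from collections import defaultdict

# One record in the summary spans four lines:
#   (PID) Process:(<pid>) <image>Key:<registry key>
#   Operation:<op>Name:<value name>
#   Value:
#   <value>
RECORD_RE = re.compile(
    r"^\(PID\) Process:\((?P<pid>\d+)\) (?P<process>.+?)Key:(?P<key>.+)\n"
    r"Operation:(?P<op>\w+)Name:(?P<name>.*)\n"
    r"Value:\n"
    r"(?P<value>.*)$",
    re.MULTILINE,
)

HKCU_MS = r"HKEY_CURRENT_USER\Software\Microsoft"

# (key prefix, signature label). Labels are the ones the report prints;
# the prefixes are assumed, and more specific prefixes must come first.
SIGNATURE_RULES = [
    (HKCU_MS + r"\Windows\CurrentVersion\Internet Settings\ZoneMap",
     "Changes internet zones settings"),
    (HKCU_MS + r"\Windows\CurrentVersion\Internet Settings\Zones",
     "Changes internet zones settings"),
    (HKCU_MS + r"\SystemCertificates",  # per-user certificate stores (assumed path)
     "Adds / modifies Windows certificates"),
]

# Excerpt of the report's Modification events block in its original layout.
RAW_EVENTS = r"""(PID) Process:(2380) iexplore.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main
Operation:writeName:CompatibilityFlags
Value:
0
(PID) Process:(2380) iexplore.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation:writeName:UNCAsIntranet
Value:
0
(PID) Process:(2380) iexplore.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation:writeName:AutoDetect
Value:
1
(PID) Process:(2380) iexplore.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones
Operation:writeName:SecuritySafe
Value:
1
(PID) Process:(2380) iexplore.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings
Operation:writeName:ProxyEnable
Value:
0
(PID) Process:(2380) iexplore.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Recovery\Active
Operation:writeName:{2D89FB3D-1846-11EA-AB41-5254004A04AF}
Value:
0
"""


def parse_modification_events(text):
    """Return one dict per record with pid (int), process, key, op, name, value."""
    events = []
    for match in RECORD_RE.finditer(text):
        rec = match.groupdict()
        rec["pid"] = int(rec["pid"])
        rec["process"] = rec["process"].strip()
        events.append(rec)
    return events


def signature_for_key(key):
    """First rule whose prefix matches the key (case-insensitive), else None."""
    lowered = key.lower()
    for prefix, label in SIGNATURE_RULES:
        if lowered.startswith(prefix.lower()):
            return label
    return None


def classify_events(events):
    """Group write events by signature label; unmatched writes are keyed by None."""
    hits = defaultdict(list)
    for ev in events:
        if ev["op"] != "write":
            continue
        hits[signature_for_key(ev["key"])].append((ev["pid"], ev["key"], ev["name"]))
    return dict(hits)


def fired_signatures(events):
    """Sorted list of signature labels that at least one write event triggered."""
    return sorted(label for label in classify_events(events) if label is not None)


if __name__ == "__main__":
    parsed = parse_modification_events(RAW_EVENTS)
    for label, rows in classify_events(parsed).items():
        print(label or "unclassified (ordinary IE housekeeping)")
        for pid, key, name in rows:
            print(f"  PID {pid}: {key} :: {name}")
```

Run against the six records embedded above it fires only "Changes internet zones settings" (three writes) and leaves CompatibilityFlags, ProxyEnable and the Recovery key unclassified, which matches the summary's INFO list for those events; the certificate rule is in the table so that the same script applied to the full report's event list, which is where those writes appear, would label them too.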
Files: executable 0, suspicious 1, text 44, unknown types 10

Dropped files (PID, process, path; type and hashes where the report lists them)

2380  iexplore.exe  C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LH043OAM\favicon[1].ico
      Type: not listed  MD5: not listed  SHA256: not listed
2380  iexplore.exe  C:\Users\admin\AppData\LocalLow\Microsoft\Internet Explorer\Services\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico
      Type: not listed  MD5: not listed  SHA256: not listed
3716  iexplore.exe  C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\EJR98Y61\WopiFrame[1].aspx
      Type: not listed  MD5: not listed  SHA256: not listed
3716  iexplore.exe  C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\index.dat
      Type: dat  MD5: 739AB3507752A1A87079E761FCF9D353  SHA256: 4EB932E4CFB08D8B0131D1B5C38CE2DB8ACDD2FB6ECB8E11CFFB55C5C1816FD9
3716  iexplore.exe  C:\Users\admin\AppData\Local\Microsoft\Windows\History\Low\History.IE5\index.dat
      Type: dat  MD5: AE72F66A0C1AA6D5179018EEBD85CBB2  SHA256: C46E1D0C3EE64B35B5D9DF6F2C986370C60CEB48D6D834ACDC5EDCEEC86832A3
3716  iexplore.exe  C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\VVXRIH56\init[1].js
      Type: text  MD5: A08F97A7C88BD861A9B085CBF9FA94D9  SHA256: 03815D08480FB6A4309AD81D306DF2B316B84D712AB77FEF5D2CA38415330B1F
3716  iexplore.exe  C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\EJR98Y61\which-browsers-work-with-office-for-the-web-ad1303e0-a318-47aa-b409-d3a5eb44e452[1].txt
      Type: not listed  MD5: not listed  SHA256: not listed
3716  iexplore.exe  C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\EJR98Y61\WopiFrame[1].htm
      Type: html  MD5: 0DAD36BAE4EC27535F646E22F60F2D77  SHA256: 39DFDA62B3551AAB836814BAC8A29AA1154C475F09E3314C92FE9850DFA2DCD6
3716  iexplore.exe  C:\Users\admin\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\index.dat
      Type: dat  MD5: 43E5D008B3C855697CDE00881DEB9C17  SHA256: B9B9B44468CAEA8C06EE6D12938E843620C6CA7876F4798B4E8F63CC349F8FB6
3716  iexplore.exe  C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\3PTCN58M\desktop.ini
      Type: ini  MD5: 4A3DEB274BB5F0212C2419D3D8D08612  SHA256: 2842973D15A14323E08598BE1DFB87E54BF88A76BE8C7BC94C56B079446EDF38
Network: HTTP(S) requests 1, TCP/UDP connections 26, DNS requests 15, threats 0

HTTP requests

PID   Process       Method  HTTP code  IP                 URL                              CN  Type   Size   Reputation
2380  iexplore.exe  GET     200        204.79.197.200:80  http://www.bing.com/favicon.ico  US  image  237 b  whitelisted

Connections ("-" = not given in the report)

PID   Process       IP                  Domain                                           ASN                                                       CN  Reputation
2380  iexplore.exe  204.79.197.200:80   www.bing.com                                     Microsoft Corporation                                     US  whitelisted
3716  iexplore.exe  2.16.186.27:443     statics-marketingsites-neu-ms-com.akamaized.net  Akamai International B.V.                                 -   whitelisted
3716  iexplore.exe  13.107.6.171:443    cac-onenote.officeapps.live.com                  Microsoft Corporation                                     US  whitelisted
3716  iexplore.exe  104.108.55.117:443  go.microsoft.com                                 Akamai Technologies, Inc.                                 NL  unknown
3716  iexplore.exe  13.107.136.9:443    stratahealth-my.sharepoint.com                   Microsoft Corporation                                     US  whitelisted
3716  iexplore.exe  104.108.60.51:443   static.sharepointonline.com                      Akamai Technologies, Inc.                                 NL  whitelisted
3716  iexplore.exe  104.111.217.23:443  support.office.com                               Akamai International B.V.                                 NL  unknown
3716  iexplore.exe  2.18.233.62:443     www.microsoft.com                                Akamai International B.V.                                 -   whitelisted
-     -             2.18.233.62:443     www.microsoft.com                                Akamai International B.V.                                 -   whitelisted
3716  iexplore.exe  152.199.19.160:443  az725175.vo.msecnd.net                           MCI Communications Services, Inc. d/b/a Verizon Business  US  whitelisted

DNS requests

Domain                                           IP(s)                          Reputation
stratahealth-my.sharepoint.com                   13.107.136.9                   suspicious
www.bing.com                                     204.79.197.200, 13.107.21.200  whitelisted
static.sharepointonline.com                      104.108.60.51                  whitelisted
cac-onenote.officeapps.live.com                  13.107.6.171                   whitelisted
go.microsoft.com                                 104.108.55.117                 whitelisted
support.office.com                               104.111.217.23                 whitelisted
www.microsoft.com                                2.18.233.62                    whitelisted
statics-marketingsites-neu-ms-com.akamaized.net  2.16.186.27, 2.16.186.41       whitelisted
az725175.vo.msecnd.net                           152.199.19.160                 whitelisted
img-prod-cms-rt-microsoft-com.akamaized.net      2.16.186.27, 2.16.186.40       whitelisted

Threats: no threats detected.
Debug info: none.