URL:

http://the-dj.nl//#[email protected]

Full analysis: https://app.any.run/tasks/8756c529-75c0-41d1-a8dd-6598061fd7a5
Verdict: Malicious activity
Analysis date: September 30, 2020, 06:55:08
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:
MD5: 5D5AB8C6E23EE3AB258CCA50D26005CE
SHA1: F37B41759F230764F54C6211FC97D80678AF82CB
SHA256: 88568E28121F4A63B07E68B179C49FAA6BC021AB208446FB516FE5A1F992977F
SSDEEP: 3:N1KKNtBP/a6lK2+S:CKNt5/a6lZ+S

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    No malicious indicators.
  • SUSPICIOUS

    No suspicious indicators.
  • INFO

    • Reads internet explorer settings

      • iexplore.exe (PID: 276)
    • Application launched itself

      • iexplore.exe (PID: 2204)
      • chrome.exe (PID: 588)
    • Reads Internet Cache Settings

      • iexplore.exe (PID: 276)
      • iexplore.exe (PID: 2204)
    • Changes internet zones settings

      • iexplore.exe (PID: 2204)
    • Reads settings of System Certificates

      • iexplore.exe (PID: 276)
      • iexplore.exe (PID: 2204)
    • Manual execution by user

      • chrome.exe (PID: 588)
    • Reads the hosts file

      • chrome.exe (PID: 2624)
      • chrome.exe (PID: 588)
    • Creates files in the user directory

      • iexplore.exe (PID: 276)
    • Changes settings of System certificates

      • iexplore.exe (PID: 2204)
    • Adds / modifies Windows certificates

      • iexplore.exe (PID: 2204)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.
No data.
All screenshots are available in the full report
Total processes: 56
Monitored processes: 19
Malicious processes: 0
Suspicious processes: 0

Behavior graph

start iexplore.exe iexplore.exe chrome.exe chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs

Process information

PID: 2204
CMD: "C:\Program Files\Internet Explorer\iexplore.exe" http://the-dj.nl//#[email protected]
Path: C:\Program Files\Internet Explorer\iexplore.exe
Parent process: explorer.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Internet Explorer
Version: 11.00.9600.16428 (winblue_gdr.131013-1700)

PID: 276
CMD: "C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:2204 CREDAT:267521 /prefetch:2
Path: C:\Program Files\Internet Explorer\iexplore.exe
Parent process: iexplore.exe
User: admin
Company: Microsoft Corporation
Integrity Level: LOW
Description: Internet Explorer
Version: 11.00.9600.16428 (winblue_gdr.131013-1700)

PID: 588
CMD: "C:\Program Files\Google\Chrome\Application\chrome.exe"
Path: C:\Program Files\Google\Chrome\Application\chrome.exe
Parent process: explorer.exe
User: admin
Company: Google LLC
Integrity Level: MEDIUM
Description: Google Chrome
Version: 75.0.3770.100

PID: 2772
CMD: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win32 --annotation=prod=Chrome --annotation=ver=75.0.3770.100 --initial-client-data=0x7c,0x80,0x84,0x78,0x88,0x6b64a9d0,0x6b64a9e0,0x6b64a9ec
Path: C:\Program Files\Google\Chrome\Application\chrome.exe
Parent process: chrome.exe
User: admin
Company: Google LLC
Integrity Level: MEDIUM
Description: Google Chrome
Version: 75.0.3770.100

PID: 2652
CMD: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=watcher --main-thread-id=1580 --on-initialized-event-handle=324 --parent-handle=328 /prefetch:6
Path: C:\Program Files\Google\Chrome\Application\chrome.exe
Parent process: chrome.exe
User: admin
Company: Google LLC
Integrity Level: MEDIUM
Description: Google Chrome
Version: 75.0.3770.100

PID: 996
CMD: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --field-trial-handle=992,6475926366781788468,14918439051712140623,131072 --enable-features=PasswordImport --gpu-preferences=KAAAAAAAAADgAAAgAQAAAAAAAAAAAGAAAAAAAAAAAAAIAAAAAAAAACgAAAAEAAAAIAAAAAAAAAAoAAAAAAAAADAAAAAAAAAAOAAAAAAAAAAQAAAAAAAAAAAAAAAFAAAAEAAAAAAAAAAAAAAABgAAABAAAAAAAAAAAQAAAAUAAAAQAAAAAAAAAAEAAAAGAAAA --service-request-channel-token=3104765356638678753 --mojo-platform-channel-handle=1000 --ignored=" --type=renderer " /prefetch:2
Path: C:\Program Files\Google\Chrome\Application\chrome.exe
Parent process: chrome.exe
User: admin
Company: Google LLC
Integrity Level: LOW
Description: Google Chrome
Version: 75.0.3770.100

PID: 2624
CMD: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --field-trial-handle=992,6475926366781788468,14918439051712140623,131072 --enable-features=PasswordImport --lang=en-US --service-sandbox-type=network --service-request-channel-token=15345108476363798819 --mojo-platform-channel-handle=1624 /prefetch:8
Path: C:\Program Files\Google\Chrome\Application\chrome.exe
Parent process: chrome.exe
User: admin
Company: Google LLC
Integrity Level: MEDIUM
Description: Google Chrome
Version: 75.0.3770.100

PID: 1244
CMD: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=992,6475926366781788468,14918439051712140623,131072 --enable-features=PasswordImport --lang=en-US --instant-process --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=16501460238678720182 --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2248 /prefetch:1
Path: C:\Program Files\Google\Chrome\Application\chrome.exe
Parent process: chrome.exe
User: admin
Company: Google LLC
Integrity Level: LOW
Description: Google Chrome
Exit code: 0
Version: 75.0.3770.100

PID: 2524
CMD: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=992,6475926366781788468,14918439051712140623,131072 --enable-features=PasswordImport --lang=en-US --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=12973662845920325439 --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2500 /prefetch:1
Path: C:\Program Files\Google\Chrome\Application\chrome.exe
Parent process: chrome.exe
User: admin
Company: Google LLC
Integrity Level: LOW
Description: Google Chrome
Version: 75.0.3770.100

PID: 2876
CMD: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=992,6475926366781788468,14918439051712140623,131072 --enable-features=PasswordImport --lang=en-US --extension-process --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=2418664282773475618 --renderer-client-id=4 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2456 /prefetch:1
Path: C:\Program Files\Google\Chrome\Application\chrome.exe
Parent process: chrome.exe
User: admin
Company: Google LLC
Integrity Level: LOW
Description: Google Chrome
Exit code: 0
Version: 75.0.3770.100
Total events: 1 102
Read events: 938
Write events: 0
Delete events: 0

Modification events

No data
Executable files: 0
Suspicious files: 122
Text files: 157
Unknown types: 36

Dropped files

PID: 276
Process: iexplore.exe
Filename: C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\DY534W2X\backgroundZoom.bundle[1].css
Type: text
MD5: 4EE181EEC5ACA37C4EC1DF51F30A04CB
SHA256: 5625A4A337483BC1AEB5612E45FA5626B462B8764A9230201F9B9EC662F0F35A

PID: 276
Process: iexplore.exe
Filename: C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\DY534W2X\jquery.socialfeed[1].css
Type: text
MD5: F6F9AC161B0CBB9617AB0388850BCD66
SHA256: D43E7C28DFA63450B8F12F93E6BAF0D07BE95A73A8607BBB31472FA6629882B1

PID: 276
Process: iexplore.exe
Filename: C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\MFAQUS6V\backgroundSlider.bundle[1].css
Type: text
MD5: D10E36252BD0933CCAB325BD8CC9AD13
SHA256: AA811AE2A599C03A372F5E3911567628DE366A76AD820FAB033E9007BA56D48C

PID: 276
Process: iexplore.exe
Filename: C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\MFAQUS6V\VJL36U8Q.htm
Type: html
MD5: 80810AD442EFC59EEB2E67385F29BDAD
SHA256: 72A100DF08758E5D3B98E6E810915271D7D92451DE6800313674188258AAF5D1

PID: 276
Process: iexplore.exe
Filename: C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\5IWPIAR9\fad53675e7804433fadde90e19510ec8.global-elements[1].css
Type: text
MD5: FAD53675E7804433FADDE90E19510EC8
SHA256: AF5AC925468591E0E826AC0A8401FB419AA175B9E6A74008079ABE90F03F465A

PID: 276
Process: iexplore.exe
Filename: C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\5IWPIAR9\divider.bundle[1].css
Type: text
MD5: 102A46BD7958BF1F5892B3B34FA44C46
SHA256: C444B18328FFAFDEBA86A9AC0125C7F03453624F2EBEB1EE3698B7DB76F18313

PID: 276
Process: iexplore.exe
Filename: C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\DY534W2X\jquery[1].js
Type: text
MD5: DC5BA5044FCCC0297BE7B262CE669A7C
SHA256: CF34E1B87BBFD9D9B185DEC994924A496E279D8DC9387AD8D35BC0110134C4D3

PID: 276
Process: iexplore.exe
Filename: C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\DY534W2X\wp-emoji-release.min[1].js
Type: text
MD5: AF2F44DF3198CFDA9FD515873696AD00
SHA256: DBA6B80ACEB1267FD1ED564E08A983730D272813E9B3AFF85DC365C65333DD66

PID: 276
Process: iexplore.exe
Filename: C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\YTOWV792\backgroundColorGradient.bundle[1].css
Type: text
MD5: C2B304D1FE693C7EAF2D08DC19B557B9
SHA256: 261A848D8D6FE99CCEA70686BB8E4DCB908593F394A8F54ACC05279252957F06

PID: 276
Process: iexplore.exe
Filename: C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\YTOWV792\front.bundle[1].js
Type: text
MD5: 90C9ACA9EF7DBCB560DC7F4886CDDCDB
SHA256: 3FE30A1255B5692DF5998D56B0EBFB66320530D751826ADEDD8D79420EEC6CEE
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests: 155
TCP/UDP connections: 94
DNS requests: 48
Threats: 0

HTTP requests

PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation
276 | iexplore.exe | GET | 200 | 5.157.84.103:80 | http://the-dj.nl// | NL | html | 22.9 Kb | unknown
276 | iexplore.exe | GET | 200 | 5.157.84.103:80 | http://louislaporte.com/wp-content/visualcomposer-assets/sharedLibraries/backgroundSlider//dist/backgroundSlider.bundle.css?ver=4.8.14 | NL | text | 973 b | unknown
276 | iexplore.exe | GET | 200 | 5.157.84.103:80 | http://louislaporte.com/wp-content/plugins/wp-social-feed/bower_components/social-feed/css/jquery.socialfeed.css?ver=1.0.0 | NL | text | 909 b | unknown
276 | iexplore.exe | GET | 200 | 5.157.84.103:80 | http://louislaporte.com/wp-content/visualcomposer-assets/assets-bundles/fad53675e7804433fadde90e19510ec8.global-elements.css?ver=4.8.14 | NL | text | 3.89 Kb | unknown
276 | iexplore.exe | GET | 200 | 5.157.84.103:80 | http://louislaporte.com/wp-content/visualcomposer-assets/sharedLibraries/backgroundSimple//dist/backgroundSimple.bundle.css?ver=4.8.14 | NL | text | 471 b | unknown
276 | iexplore.exe | GET | 200 | 5.157.84.103:80 | http://louislaporte.com/wp-content/visualcomposer-assets/sharedLibraries/divider//dist/divider.bundle.css?ver=4.8.14 | NL | text | 1.11 Kb | unknown
276 | iexplore.exe | GET | 200 | 5.157.84.103:80 | http://louislaporte.com/wp-content/plugins/contact-form-7/includes/css/styles.css?ver=4.9.1 | NL | text | 634 b | unknown
276 | iexplore.exe | GET | 200 | 5.157.84.103:80 | http://louislaporte.com/wp-content/themes/twentyseventeen/style.css?ver=4.8.14 | NL | text | 15.1 Kb | unknown
276 | iexplore.exe | GET | 200 | 5.157.84.103:80 | http://louislaporte.com/wp-content/visualcomposer-assets/sharedLibraries/backgroundVideoEmbed//dist/backgroundVideoEmbed.bundle.css?ver=4.8.14 | NL | text | 441 b | unknown
276 | iexplore.exe | GET | 200 | 5.157.84.103:80 | http://louislaporte.com/wp-content/visualcomposer-assets/sharedLibraries/backgroundZoom//dist/backgroundZoom.bundle.css?ver=4.8.14 | NL | text | 447 b | unknown

Connections

PID | Process | IP | Domain | ASN | CN | Reputation
276 | iexplore.exe | 216.58.206.3:80 | ocsp.pki.goog | Google Inc. | US | whitelisted
276 | iexplore.exe | 216.58.207.40:443 | www.googletagmanager.com | Google Inc. | US | whitelisted
276 | iexplore.exe | 151.101.0.217:443 | player.vimeo.com | Fastly | US | suspicious
276 | iexplore.exe | 5.157.84.103:80 | the-dj.nl | Cyso Management B.V. | NL | unknown
276 | iexplore.exe | 172.217.22.42:443 | fonts.googleapis.com | Google Inc. | US | whitelisted
276 | iexplore.exe | 172.217.23.142:443 | www.youtube.com | Google Inc. | US | whitelisted
2204 | iexplore.exe | 204.79.197.200:80 | www.bing.com | Microsoft Corporation | US | whitelisted
276 | iexplore.exe | 157.240.20.19:443 | connect.facebook.net | Facebook, Inc. | US | whitelisted
276 | iexplore.exe | 216.58.206.2:443 | googleads.g.doubleclick.net | Google Inc. | US | whitelisted
276 | iexplore.exe | 93.184.220.29:80 | ocsp.digicert.com | MCI Communications Services, Inc. d/b/a Verizon Business | US | whitelisted

DNS requests

Domain
IP
Reputation
the-dj.nl
  • 5.157.84.103
unknown
louislaporte.com
  • 5.157.84.103
unknown
fonts.googleapis.com
  • 172.217.22.42
whitelisted
www.googletagmanager.com
  • 216.58.207.40
whitelisted
ocsp.pki.goog
  • 216.58.206.3
whitelisted
www.youtube.com
  • 172.217.23.142
  • 216.58.205.238
  • 216.58.206.14
  • 172.217.22.78
  • 172.217.18.14
  • 216.58.207.46
  • 216.58.207.78
  • 172.217.21.206
  • 172.217.22.110
  • 172.217.16.174
  • 172.217.23.110
  • 216.58.212.142
  • 172.217.22.46
  • 172.217.16.142
  • 216.58.212.174
  • 142.250.74.206
whitelisted
player.vimeo.com
  • 151.101.0.217
  • 151.101.64.217
  • 151.101.128.217
  • 151.101.192.217
whitelisted
fonts.gstatic.com
  • 216.58.212.163
whitelisted
connect.facebook.net
  • 157.240.20.19
whitelisted
ocsp.digicert.com
  • 93.184.220.29
whitelisted

Threats

No threats detected
No debug info