FRN3eaV

Full analysis: https://app.any.run/tasks/a277fa36-74fc-49be-b75a-af2bab1d52c2
Verdict: Malicious activity
Analysis date: January 14, 2020, 20:13:22
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:
MIME: text/html
File info: HTML document, UTF-8 Unicode text, with very long lines
MD5: 4288E208AEE4F483171590256533D7D1
SHA1: F5E9E8F603691CE7F58168D2F98701E978BFC6A3
SHA256: 8A005F25BF923F434C5328089976ED926E8C891CAB62F22C2B631C8B200D3ACD
SSDEEP: 3072:agXUydOe9ytN4e1eZe/gSxiehSGL2oWdRE4oY/4OeUiY74opc69UGwu9:agXUiOftXeZe/gS0ehSsW7FNeC9UGwu9

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS: no malicious indicators.
  • SUSPICIOUS: no suspicious indicators.

  Note that the "Malicious activity" verdict in the header is not backed by any process-level indicator on this page. The only flagged items in this summary are the 10 ETPRO network signatures (whose names are withheld) and the "suspicious" reputation assigned to the xcdnpro.com CDN hosts. Treat the verdict as a network-signature hit to confirm in the full report, not as evidence that the guest was compromised.
  • INFO
    • Creates files in the user directory: iexplore.exe (PID: 2172)
    • Reads Internet Cache Settings: iexplore.exe (PID: 2172)
    • Changes internet zones settings: iexplore.exe (PID: 1556)
    • Reads internet explorer settings: iexplore.exe (PID: 2172)
    • Application launched itself: iexplore.exe (PID: 1556)

  The "launched itself" entry is Internet Explorer 8's frame/tab process split, not self-replication: PID 1556 is the frame process that opened the file and PID 2172 is the tab (content) process it spawned for rendering, which is why the second process carries the SCODEF:1556 argument in the process list below and why almost all file and network activity is attributed to it.
No Malware configuration.

TRiD

.htm/html | HyperText Markup Language with DOCTYPE (80.6)
.html | HyperText Markup Language (19.3)

EXIF

HTML

ContentType: text/html; charset=UTF-8
Description: Watch 000's of Real People Naked & Having Sex Live on Webcam 24/7. 100% Free to Watch, Chat & Broadcast. No-Sign Up & No Registration Required.
verifyV1: Gcyhx0isegGRpvUJb7JTAAYbZMQslsMWHAzJY2nZqzc=
Title: CAM4: Free Live Sex Cams | Worlds Largest Live Porn Site!
HTTPEquivXUACompatible: IE=edge
viewport: width=device-width, initial-scale=1.0, maximum-scale=1.0, user-scalable=no
Rating: mature
PicsLabel: (pics-1.1 "http://www.icra.org/pics/vocabularyv03/" l gen true for "http://cam4.com" r (n 2 s 2 v 3 l 2 oa 2 ob 2 oc 2 od 2 oe 2 of 2 og 2 oh 2 c 2) gen true for "http://www.cam4.com" r (n 2 s 2 v 3 l 2 oa 2 ob 2 oc 2 od 2 oe 2 of 2 og 2 oh 2 c 2))
googleSiteVerification: nNJTeakYvBAphrP9ljiRy_0NNW8wU1nXlMozQnL8TUo
Total processes: 37
Monitored processes: 2
Malicious processes: 0
Suspicious processes: 0

Behavior graph

start -> iexplore.exe (PID 1556) -> iexplore.exe (PID 2172)

Process information

The sample was written to the user's %TEMP% directory as FRN3eaV.htm and opened with Internet Explorer 8 (version 8.00.7600.16385 on Windows 7 SP1), which created one frame process and one tab process.

PID 1556
  CMD: "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\admin\AppData\Local\Temp\FRN3eaV.htm
  Path: C:\Program Files\Internet Explorer\iexplore.exe
  Parent process: explorer.exe
  User: admin
  Company: Microsoft Corporation
  Integrity Level: MEDIUM
  Description: Internet Explorer
  Exit code: 0
  Version: 8.00.7600.16385 (win7_rtm.090713-1255)
  Modules (images):
    c:\program files\internet explorer\iexplore.exe
    c:\systemroot\system32\ntdll.dll
    c:\windows\system32\kernelbase.dll
    c:\windows\system32\kernel32.dll
    c:\windows\system32\advapi32.dll
    c:\windows\system32\msvcrt.dll
    c:\windows\system32\sechost.dll
    c:\windows\system32\rpcrt4.dll
    c:\windows\system32\user32.dll
    c:\windows\system32\gdi32.dll

PID 2172
  CMD: "C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:1556 CREDAT:79873
  Path: C:\Program Files\Internet Explorer\iexplore.exe
  Parent process: iexplore.exe (PID 1556)
  User: admin
  Company: Microsoft Corporation
  Integrity Level: MEDIUM
  Description: Internet Explorer
  Exit code: 0
  Version: 8.00.7600.16385 (win7_rtm.090713-1255)
  Modules (images):
    c:\program files\internet explorer\iexplore.exe
    c:\systemroot\system32\ntdll.dll
    c:\windows\system32\kernel32.dll
    c:\windows\system32\kernelbase.dll
    c:\windows\system32\advapi32.dll
    c:\windows\system32\msvcrt.dll
    c:\windows\system32\sechost.dll
    c:\windows\system32\rpcrt4.dll
    c:\windows\system32\gdi32.dll
    c:\windows\system32\user32.dll
Total events: 431
Read events: 343
Write events: 87
Delete events: 1

Modification events

All entries below are registry writes by PID 1556 (iexplore.exe).

Key | Name | Value
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main | CompatibilityFlags | 0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap | UNCAsIntranet | 0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap | AutoDetect | 1
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones | SecuritySafe | 1
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyEnable | 0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections | SavedLegacySettings | (value omitted in this copy of the report)
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Recovery\Active | {5D34BA61-370A-11EA-AB41-5254004A04AF} | 0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2670000A-7350-4F3C-8081-5663EE0C6C49}\iexplore | Type | 4
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2670000A-7350-4F3C-8081-5663EE0C6C49}\iexplore | Count | 2
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2670000A-7350-4F3C-8081-5663EE0C6C49}\iexplore | Time | E407010002000E0014000D002D000A02
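Two of the values above look opaque but both encode time. The 16-byte Time value under Ext\Stats\{2670000A-...}\iexplore is a Win32 SYSTEMTIME structure (eight little-endian 16-bit words), and the value name under Internet Explorer\Recovery\Active is an RFC 4122 version-1 GUID, which embeds a 100 ns timestamp and the MAC address of the host that generated it. The Python below is an added example, not part of the ANY.RUN report and not the service's code; its only inputs are the two values copied from the table, and the function names are mine. It shows that the SYSTEMTIME (2020-01-14 20:13:45.522, guest local clock) and the GUID timestamp (2020-01-14 20:13:44 UTC) agree with each other and with the analysis date in the header, which suggests the guest clock runs on UTC, and that the GUID node is 52:54:00:4a:04:af, a locally administered address with the 52:54:00 prefix that QEMU/KVM assigns to virtual NICs. In other words, this registry artefact carries a fingerprint of the sandbox VM, which is exactly the kind of value evasive samples read back to detect analysis environments.

```python
"""Decode the SYSTEMTIME blob and the version-1 GUID from the registry events above.

Added example (not ANY.RUN's code). The two constants are copied verbatim from
the report; everything else is generic Win32/RFC 4122 structure, no assumptions
about the sample itself.
"""
import struct
import uuid
from datetime import datetime, timedelta, timezone

# Values copied from the modification-events table.
EXT_STATS_TIME_HEX = "E407010002000E0014000D002D000A02"
RECOVERY_GUID = "{5D34BA61-370A-11EA-AB41-5254004A04AF}"

# RFC 4122 v1 timestamps count 100 ns intervals since 1582-10-15 00:00 UTC.
_GREGORIAN_EPOCH = datetime(1582, 10, 15, tzinfo=timezone.utc)


def decode_systemtime(hex_value: str) -> datetime:
    """Parse a hex-encoded SYSTEMTIME: WORD wYear, wMonth, wDayOfWeek, wDay,
    wHour, wMinute, wSecond, wMilliseconds, all little-endian."""
    raw = bytes.fromhex(hex_value)
    if len(raw) != 16:
        raise ValueError("SYSTEMTIME is exactly 16 bytes")
    year, month, dow, day, hour, minute, second, millis = struct.unpack("<8H", raw)
    # SYSTEMTIME has no zone field; IE writes the guest's local clock, so the
    # result is returned naive rather than pretending to know the offset.
    ts = datetime(year, month, day, hour, minute, second, millis * 1000)
    # Consistency check: wDayOfWeek is 0 = Sunday, Python weekday() is 0 = Monday.
    if (ts.weekday() + 1) % 7 != dow:
        raise ValueError("day-of-week field disagrees with the date; not a SYSTEMTIME?")
    return ts


def decode_uuid_v1(guid: str) -> tuple[datetime, str]:
    """Return (creation time in UTC, node MAC as aa:bb:cc:dd:ee:ff) of a v1 GUID."""
    u = uuid.UUID(guid)  # accepts the {...} registry form
    if u.version != 1:
        raise ValueError(f"GUID version {u.version} carries no timestamp")
    created = _GREGORIAN_EPOCH + timedelta(microseconds=u.time // 10)
    mac = ":".join(f"{(u.node >> shift) & 0xFF:02x}" for shift in range(40, -1, -8))
    return created, mac


def is_locally_administered(mac: str) -> bool:
    """Bit 1 of the first octet set means locally administered, typical of virtual NICs."""
    return bool(int(mac.split(":")[0], 16) & 0x02)


if __name__ == "__main__":
    st = decode_systemtime(EXT_STATS_TIME_HEX)
    print("Ext\\Stats Time (SYSTEMTIME, guest local clock):", st.isoformat(timespec="milliseconds"))
    created, mac = decode_uuid_v1(RECOVERY_GUID)
    print("Recovery GUID created (UTC):", created.isoformat(timespec="milliseconds"))
    flag = " (locally administered)" if is_locally_administered(mac) else ""
    print("Recovery GUID node MAC:", mac + flag)
```

The same two decoders apply to any SYSTEMTIME-valued registry data and to any version-1 GUID found in a report; the version check matters because IE also writes version-4 (random) GUIDs, which carry neither a time nor a MAC.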
Executable files: 0
Suspicious files: 0
Text files: 173
Unknown types: 6

Dropped files

All entries are Internet Explorer cache writes; hashes are shown only where this summary lists them.

PID | Process | Filename | Type | MD5 / SHA256
1556 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LH043OAM\favicon[1].ico | (not listed) | (not listed)
1556 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\Internet Explorer\Services\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico | (not listed) | (not listed)
2172 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LH043OAM\desktop_4d98d917[1].css | text | (not listed)
2172 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LH043OAM\es5-shim[1].js | text | (not listed)
2172 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\I0488CJO\jquery.min.1.7.2[1].js | html | MD5 30A26E83ABC7EC4ECE96430BE4F7C8AE / SHA256 F1AF8DAF006C166CFA99C390FFBE18761700CB92A8547352808B0CD0B20AC9CB
2172 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\H6QNMHE9\errorPageStrings[1] | text | MD5 1A0563F7FB85A678771450B131ED66FD / SHA256 EB5678DE9D8F29CA6893D4E6CA79BD5AB4F312813820FE4997B009A2B1A1654C
2172 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\H6QNMHE9\outdatedbrowser.min_c6f9f16c[1].css | text | (not listed)
2172 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LH043OAM\dwn-arw-wh[1].png | image | (not listed)
2172 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\H6QNMHE9\verificationAccount_39bd1188[1].js | text | (not listed)
2172 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\I0488CJO\logo[1].png | image | (not listed)

Two rows deserve a second look. jquery.min.1.7.2[1].js is typed "html" rather than "text", so the cached body is not a script; it is the one dropped file worth pulling from the full report to see what was actually served under that name. errorPageStrings[1] is Internet Explorer's own error-page script resource, cached whenever IE renders one of its built-in error pages, so it records that at least one navigation failed rather than anything fetched from the site.
HTTP(S) requests: 12
TCP/UDP connections: 112
DNS requests: 14
Threats: 10

HTTP requests (10 of the 12 recorded requests are listed in this summary)

PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation
2172 | iexplore.exe | GET | 200 | 45.77.54.226:80 | http://c.tinb.net/p.js?a=157pr4o | DE | text | 3.18 Kb | whitelisted
2172 | iexplore.exe | OPTIONS | 400 | 172.217.21.232:80 | http://www.googletagmanager.com/ | US | html | 1.52 Kb | whitelisted
1556 | iexplore.exe | GET | 200 | 204.79.197.200:80 | http://www.bing.com/favicon.ico | US | image | 237 b | whitelisted
2172 | iexplore.exe | OPTIONS | 400 | 172.217.21.232:80 | http://www.googletagmanager.com/ | US | html | 1.52 Kb | whitelisted
2172 | iexplore.exe | OPTIONS | 400 | 172.217.21.232:80 | http://www.googletagmanager.com/ | US | html | 1.52 Kb | whitelisted
2172 | iexplore.exe | OPTIONS | 400 | 172.217.21.232:80 | http://www.googletagmanager.com/ | US | html | 1.52 Kb | whitelisted
2172 | iexplore.exe | OPTIONS | 400 | 172.217.21.232:80 | http://www.googletagmanager.com/ | US | html | 1.52 Kb | whitelisted
2172 | iexplore.exe | OPTIONS | 400 | 172.217.21.232:80 | http://www.googletagmanager.com/ | US | html | 1.52 Kb | whitelisted
2172 | iexplore.exe | OPTIONS | 400 | 172.217.21.232:80 | http://www.googletagmanager.com/ | US | html | 1.52 Kb | whitelisted
2172 | iexplore.exe | OPTIONS | 400 | 172.217.21.232:80 | http://www.googletagmanager.com/ | US | html | 1.52 Kb | whitelisted

Connections

PID | Process | IP | Domain | ASN | CN | Reputation
2172 | iexplore.exe | 184.94.152.22:443 | dumpster.cam4.com | MOJOHOST | US | unknown
4 | System | 159.122.87.148:445 | dev.visualwebsiteoptimizer.com | SoftLayer Technologies Inc. | DE | unknown
4 | System | 159.122.87.153:139 | dev.visualwebsiteoptimizer.com | SoftLayer Technologies Inc. | DE | unknown
4 | System | 159.122.87.153:445 | dev.visualwebsiteoptimizer.com | SoftLayer Technologies Inc. | DE | unknown
1556 | iexplore.exe | 204.79.197.200:80 | www.bing.com | Microsoft Corporation | US | whitelisted
2172 | iexplore.exe | 66.254.122.100:443 | cam4-static.xcdnpro.com | Reflected Networks, Inc. | US | suspicious
2172 | iexplore.exe | 2.21.36.226:443 | cdn.optimizely.com | GTT Communications Inc. | FR | unknown
4 | System | 172.217.21.232:445 | www.googletagmanager.com | Google Inc. | US | whitelisted
4 | System | 172.217.21.232:139 | www.googletagmanager.com | Google Inc. | US | whitelisted
2172 | iexplore.exe | 172.217.21.232:80 | www.googletagmanager.com | Google Inc. | US | whitelisted

The five rows owned by PID 4 (System) on ports 445 and 139 are not browser requests: they are SMB/NetBIOS session attempts made by the Windows redirector, which runs in the kernel. This is the pattern Internet Explorer produces when an HTML file opened from local disk (here C:\Users\admin\AppData\Local\Temp\FRN3eaV.htm) references resources by protocol-relative URLs of the form //host/path: under a file: origin these resolve to file://host/path, that is the UNC path \\host\path, and the redirector tries SMB to the Internet host. The HTML source is not reproduced in this summary, so this is an inference from the process/port combination, but it fits the fact that both destinations are ordinary third-party script hosts that the tab process also contacted over HTTP. The practical point is that a web page opened locally made the guest initiate outbound SMB, which can carry NTLM authentication for the logged-on user, to external hosts; an egress filter on TCP 139/445 is the control that stops it, and a System-process connection to a public address on those ports is a reliable thing to alert on.

DNS requests

Domain | Resolved IPs | Reputation
cdn.optimizely.com | 2.21.36.226 | whitelisted
cam4-static.xcdnpro.com | 66.254.122.100, 66.254.122.102, 66.254.122.104 | suspicious
www.bing.com | 204.79.197.200, 13.107.21.200 | whitelisted
www.googletagmanager.com | 172.217.21.232 | whitelisted
allcdn-lw.xcdnpro.com | 66.254.122.100, 66.254.122.102, 66.254.122.104 | suspicious
snapshots.xcdnpro.com | 66.254.122.102, 66.254.122.104, 66.254.122.100 | suspicious
dumpster.cam4.com | 184.94.152.22 | unknown
dev.visualwebsiteoptimizer.com | 159.122.87.148, 159.122.87.153 | whitelisted
dns.msftncsi.com | 131.107.255.255 | shared
c.tinb.net | 45.77.54.226 | unknown

dns.msftncsi.com is the Windows Network Connectivity Status Indicator probe and appears in every Windows guest's traffic; it is not attributable to the sample. The three xcdnpro.com names share one set of addresses and are the site's static-content CDN; their "suspicious" reputation is the service's label for the hosting provider, not a finding about this file.

Threats

10 ETPRO signatures matched; the signature names are not included in this summary and are only available in the full report. Since the process-level sections above are clean, these network signatures are the sole basis for the "Malicious activity" verdict and should be reviewed before the sample is classified.

No debug info