analyze malware
  • Huge database of samples and IOCs
  • Custom VM setup
  • Unlimited submissions
  • Interactive approach
Sign up, it’s free
download:

MySocialShortcut.89fc5c738d804edcaec8bfd52a88aeb2.exe

Full analysis: https://app.any.run/tasks/115bd98c-be45-4d7a-904c-5368e877c12f
Verdict: Malicious activity
Analysis date: June 12, 2019, 12:09:42
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:
MIME: application/x-dosexec
File info: PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
MD5:

8BAF3AC5BAC8A397A5F81F4036C77E78

SHA1:

17A98A422140B116FC21A6AFC90AC7F7D4243028

SHA256:

8B20DB318D39B765A3F0F03B74021DE10BB036050EC5822250B65D70F901A633

SSDEEP:

6144:obUTp1bkLBbM+zsT8qEJEbrPBj3AmXvCdWYDbHIae+0U/aM4tp5iFw2Em8:oIroHJ2aKasspeuSLp5iefm

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    • Loads dropped or rewritten executable

      • MySocialShortcut.89fc5c738d804edcaec8bfd52a88aeb2.exe (PID: 1520)
    • Changes settings of System certificates

      • MySocialShortcut.89fc5c738d804edcaec8bfd52a88aeb2.exe (PID: 1520)
  • SUSPICIOUS

    • Creates files in the user directory

      • MySocialShortcut.89fc5c738d804edcaec8bfd52a88aeb2.exe (PID: 1520)
    • Changes the started page of IE

      • MySocialShortcut.89fc5c738d804edcaec8bfd52a88aeb2.exe (PID: 1520)
    • Executed via COM

      • FlashUtil32_26_0_0_131_ActiveX.exe (PID: 3032)
      • iexplore.exe (PID: 3452)
    • Executable content was dropped or overwritten

      • MySocialShortcut.89fc5c738d804edcaec8bfd52a88aeb2.exe (PID: 1520)
    • Creates a software uninstall entry

      • MySocialShortcut.89fc5c738d804edcaec8bfd52a88aeb2.exe (PID: 1520)
  • INFO

    • Changes internet zones settings

      • iexplore.exe (PID: 3452)
    • Reads settings of System Certificates

      • iexplore.exe (PID: 3452)
      • iexplore.exe (PID: 4088)
    • Reads internet explorer settings

      • iexplore.exe (PID: 3504)
      • iexplore.exe (PID: 476)
      • iexplore.exe (PID: 2432)
      • iexplore.exe (PID: 4088)
    • Reads Internet Cache Settings

      • iexplore.exe (PID: 3504)
      • iexplore.exe (PID: 4088)
      • iexplore.exe (PID: 476)
      • iexplore.exe (PID: 3452)
      • iexplore.exe (PID: 2432)
    • Application launched itself

      • iexplore.exe (PID: 3452)
    • Creates files in the user directory

      • iexplore.exe (PID: 3504)
      • FlashUtil32_26_0_0_131_ActiveX.exe (PID: 3032)
      • iexplore.exe (PID: 476)
      • iexplore.exe (PID: 3452)
      • iexplore.exe (PID: 2432)
      • iexplore.exe (PID: 4088)
    • Adds / modifies Windows certificates

      • iexplore.exe (PID: 3452)
    • Changes settings of System certificates

      • iexplore.exe (PID: 3452)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.

TRiD

.exe | Win32 Executable MS Visual C++ (generic) (42.2)
.exe | Win64 Executable (generic) (37.3)
.dll | Win32 Dynamic Link Library (generic) (8.8)
.exe | Win32 Executable (generic) (6)
.exe | Generic Win/DOS Executable (2.7)

EXIF

EXE

ProductVersion: 2.7.1.3000
ProductName: MySocialShortcut
LegalTrademarks: ® & ™ Mindspark Interactive Network, Inc. An IAC Company. All rights reserved.
LegalCopyright: © 2015 Mindspark Interactive Network, Inc. An IAC Company. All rights reserved.
InternalName: MySocialShortcut
FileVersion: 2.7.1.3000
FileDescription: MySocialShortcut Setup
CompanyName: Mindspark Interactive Network, Inc.
Comments: http://www.mindspark.com
CharacterSet: ASCII
LanguageCode: English (U.S.)
FileSubtype: -
ObjectFileType: Executable application
FileOS: Win32
FileFlags: (none)
FileFlagsMask: 0x0000
ProductVersionNumber: 2.7.1.3000
FileVersionNumber: 2.7.1.3000
Subsystem: Windows GUI
SubsystemVersion: 4
ImageVersion: 6
OSVersion: 4
EntryPoint: 0x3229
UninitializedDataSize: 2048
InitializedDataSize: 186368
CodeSize: 25088
LinkerVersion: 6
PEType: PE32
TimeStamp: 2013:12:25 06:01:44+01:00
MachineType: Intel 386 or later, and compatibles

Summary

Architecture: IMAGE_FILE_MACHINE_I386
Subsystem: IMAGE_SUBSYSTEM_WINDOWS_GUI
Compilation Date: 25-Dec-2013 05:01:44
Detected languages:
  • English - United States
Comments: http://www.mindspark.com
CompanyName: Mindspark Interactive Network, Inc.
FileDescription: MySocialShortcut Setup
FileVersion: 2.7.1.3000
InternalName: MySocialShortcut
LegalCopyright: © 2015 Mindspark Interactive Network, Inc. An IAC Company. All rights reserved.
LegalTrademarks: ® & ™ Mindspark Interactive Network, Inc. An IAC Company. All rights reserved.
ProductName: MySocialShortcut
ProductVersion: 2.7.1.3000

DOS Header

Magic number: MZ
Bytes on last page of file: 0x0090
Pages in file: 0x0003
Relocations: 0x0000
Size of header: 0x0004
Min extra paragraphs: 0x0000
Max extra paragraphs: 0xFFFF
Initial SS value: 0x0000
Initial SP value: 0x00B8
Checksum: 0x0000
Initial IP value: 0x0000
Initial CS value: 0x0000
Overlay number: 0x0000
OEM identifier: 0x0000
OEM information: 0x0000
Address of NE header: 0x000000C8

PE Headers

Signature: PE
Machine: IMAGE_FILE_MACHINE_I386
Number of sections: 5
Time date stamp: 25-Dec-2013 05:01:44
Pointer to Symbol Table: 0x00000000
Number of symbols: 0
Size of Optional Header: 0x00E0
Characteristics:
  • IMAGE_FILE_32BIT_MACHINE
  • IMAGE_FILE_EXECUTABLE_IMAGE
  • IMAGE_FILE_LINE_NUMS_STRIPPED
  • IMAGE_FILE_LOCAL_SYMS_STRIPPED
  • IMAGE_FILE_RELOCS_STRIPPED

Sections

Name
Virtual Address
Virtual Size
Raw Size
Charateristics
Entropy
.text
0x00001000
0x0000606C
0x00006200
IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
6.45707
.rdata
0x00008000
0x00001460
0x00001600
IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
4.94596
.data
0x0000A000
0x0002AF98
0x00000600
IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
3.79535
.ndata
0x00035000
0x00055000
0x00000000
IMAGE_SCN_CNT_UNINITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
0
.rsrc
0x0008A000
0x000049E0
0x00004A00
IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
5.08156

Resources

Title
Entropy
Size
Codepage
Language
Type
1
5.31253
1118
UNKNOWN
English - United States
RT_MANIFEST
2
4.90691
4264
UNKNOWN
English - United States
RT_ICON
3
4.78132
1128
UNKNOWN
English - United States
RT_ICON
103
2.27308
48
UNKNOWN
English - United States
RT_GROUP_ICON
105
2.73893
514
UNKNOWN
English - United States
RT_DIALOG
106
2.89384
248
UNKNOWN
English - United States
RT_DIALOG
111
2.89887
238
UNKNOWN
English - United States
RT_DIALOG

Imports

ADVAPI32.dll
COMCTL32.dll
GDI32.dll
KERNEL32.dll
SHELL32.dll
USER32.dll
VERSION.dll
ole32.dll
No data.
screenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshot
All screenshots are available in the full report
All screenshots are available in the full report
Total processes
40
Monitored processes
7
Malicious processes
1
Suspicious processes
0

Behavior graph

Click at the process to see the details
start mysocialshortcut.89fc5c738d804edcaec8bfd52a88aeb2.exe iexplore.exe iexplore.exe iexplore.exe iexplore.exe flashutil32_26_0_0_131_activex.exe no specs iexplore.exe

Process information

PID
CMD
Path
Indicators
Parent process
1520"C:\Users\admin\AppData\Local\Temp\MySocialShortcut.89fc5c738d804edcaec8bfd52a88aeb2.exe" C:\Users\admin\AppData\Local\Temp\MySocialShortcut.89fc5c738d804edcaec8bfd52a88aeb2.exe
explorer.exe
User:
admin
Company:
Mindspark Interactive Network, Inc.
Integrity Level:
MEDIUM
Description:
MySocialShortcut Setup
Exit code:
0
Version:
2.7.1.3000
3452"C:\Program Files\Internet Explorer\iexplore.exe" -EmbeddingC:\Program Files\Internet Explorer\iexplore.exe
svchost.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Internet Explorer
Version:
8.00.7600.16385 (win7_rtm.090713-1255)
3504"C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:3452 CREDAT:71937C:\Program Files\Internet Explorer\iexplore.exe
iexplore.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Internet Explorer
Version:
8.00.7600.16385 (win7_rtm.090713-1255)
476"C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:3452 CREDAT:203009C:\Program Files\Internet Explorer\iexplore.exe
iexplore.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Internet Explorer
Version:
8.00.7600.16385 (win7_rtm.090713-1255)
4088"C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:3452 CREDAT:203010C:\Program Files\Internet Explorer\iexplore.exe
iexplore.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Internet Explorer
Version:
8.00.7600.16385 (win7_rtm.090713-1255)
3032C:\Windows\system32\Macromed\Flash\FlashUtil32_26_0_0_131_ActiveX.exe -EmbeddingC:\Windows\system32\Macromed\Flash\FlashUtil32_26_0_0_131_ActiveX.exesvchost.exe
User:
admin
Company:
Adobe Systems Incorporated
Integrity Level:
MEDIUM
Description:
Adobe® Flash® Player Installer/Uninstaller 26.0 r0
Version:
26,0,0,131
2432"C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:3452 CREDAT:399617C:\Program Files\Internet Explorer\iexplore.exe
iexplore.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Internet Explorer
Version:
8.00.7600.16385 (win7_rtm.090713-1255)
Total events
1 936
Read events
1 593
Write events
0
Delete events
0

Modification events

No data
Executable files
3
Suspicious files
11
Text files
250
Unknown types
21

Dropped files

PID
Process
Filename
Type
1520MySocialShortcut.89fc5c738d804edcaec8bfd52a88aeb2.exeC:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\A2ECA083537A02B6158458FF1752C63Fbinary
MD5:4633E283828D989B6A251F2B3F744F86
SHA256:5942AA10C7925B3862AFF863E9312C929F714FB4B2A4CB8DDDCC8E9A7D978AD1
1520MySocialShortcut.89fc5c738d804edcaec8bfd52a88aeb2.exeC:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\H6QNMHE9\installerParams[1].jhtmltext
MD5:4951B872E8344239092C417BBD8A28F9
SHA256:AA71D2B21E71096F074F3EF6E6B9E0AFBE49A1571D142CB14FE907472638079B
1520MySocialShortcut.89fc5c738d804edcaec8bfd52a88aeb2.exeC:\Users\admin\AppData\Local\Temp\nsbF8A.tmp\MySocialShortcut_msi_bg-copy_1501795291716.bmpimage
MD5:2E32BE0DEB92B15755D7F0F7CE8596AE
SHA256:0664AA978FA16EC7812F56118A7B79161389FFFB0929BA7D8F5464C24DB10869
3504iexplore.exeC:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\index.datdat
MD5:B13FF2F0D2CFD7862D305410140A9F94
SHA256:BA355AC2345BCC85E704EAD23ACDE98BFA6B9D924296417BC44536837567E60F
1520MySocialShortcut.89fc5c738d804edcaec8bfd52a88aeb2.exeC:\Users\admin\AppData\Local\Temp\nsbF8A.tmp\MySocialShortcut_msi_bg-copy_1501795269847.bmpimage
MD5:F58F22BE1F3C1E8A0B1AEEE053F48B04
SHA256:1E596797A76489DFC09C8E4DF4C77C36D2CB01578B3799D7E2A1F9A7FB01D049
3452iexplore.exeC:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\I0488CJO\favicon[1].ico
MD5:
SHA256:
1520MySocialShortcut.89fc5c738d804edcaec8bfd52a88aeb2.exeC:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][1].txttext
MD5:46D792BE6AAF8A58F5A36E7536DE19FF
SHA256:32DF45CE92D9F15B4B334840179C65F5C9518153C567B8F918ADC6A3DE0F27AB
1520MySocialShortcut.89fc5c738d804edcaec8bfd52a88aeb2.exeC:\Users\admin\AppData\Local\Temp\nsbF8A.tmp\installerParamstext
MD5:4951B872E8344239092C417BBD8A28F9
SHA256:AA71D2B21E71096F074F3EF6E6B9E0AFBE49A1571D142CB14FE907472638079B
3452iexplore.exeC:\Users\admin\AppData\LocalLow\Microsoft\Internet Explorer\Services\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico
MD5:
SHA256:
3452iexplore.exeC:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JGRR2OYX\favicon[1].ico
MD5:
SHA256:
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
62
TCP/UDP connections
197
DNS requests
43
Threats
0

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
4088
iexplore.exe
GET
200
2.18.232.251:80
http://ak.staticimgfarm.com/images/webtooltab/chiclets/MySocialShortcut/MySocialShortcut_chiclet_vine.png
unknown
image
2.20 Kb
whitelisted
4088
iexplore.exe
GET
200
2.18.232.251:80
http://ak.staticimgfarm.com/images/webtooltab/assets/logos/BVB.png
unknown
image
6.42 Kb
whitelisted
4088
iexplore.exe
GET
200
2.18.232.251:80
http://hp.myway.com/mysocialshortcut/ttab02/assets/1559151899559/app.js
unknown
text
109 Kb
whitelisted
3452
iexplore.exe
GET
200
2.18.232.251:80
http://ak.staticimgfarm.com/images/vicinio/chrome/spent/images/favicon/BVB.ico
unknown
image
1.12 Kb
whitelisted
4088
iexplore.exe
GET
200
2.18.232.251:80
http://hp.myway.com/mysocialshortcut/ttab02/index.html?n=78586DDD&p2=^BVB^xdm513^TTAB02^il&ptb=9354AB4D-CC60-4A51-9356-2ED61EDE2BF3&coid=89fc5c738d804edcaec8bfd52a88aeb2
unknown
html
3.09 Kb
whitelisted
4088
iexplore.exe
GET
200
2.18.232.251:80
http://ak.staticimgfarm.com/images/webtooltab/chiclets/linkedin.png
unknown
image
2.70 Kb
whitelisted
4088
iexplore.exe
GET
200
2.18.232.251:80
http://ak.staticimgfarm.com/images/webtooltab/ttdetect-2/prd/ttdetect.html
unknown
html
4.49 Kb
whitelisted
4088
iexplore.exe
GET
200
2.18.232.251:80
http://ak.staticimgfarm.com/images/webtooltab/search/google_enhancedby_v2.png
unknown
image
5.21 Kb
whitelisted
4088
iexplore.exe
GET
200
2.18.232.251:80
http://hp.myway.com/mysocialshortcut/ttab02/assets/1559151899559/ie8.js
unknown
html
868 b
whitelisted
4088
iexplore.exe
GET
200
2.18.232.251:80
http://ak.staticimgfarm.com/images/webtooltab/chiclets/macys.png
unknown
image
1008 b
whitelisted
Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
3452
iexplore.exe
204.79.197.200:80
www.bing.com
Microsoft Corporation
US
whitelisted
1520
MySocialShortcut.89fc5c738d804edcaec8bfd52a88aeb2.exe
104.111.245.93:80
cert.int-x3.letsencrypt.org
Akamai International B.V.
NL
whitelisted
3504
iexplore.exe
35.244.218.203:443
dp.tb.ask.com
US
whitelisted
3452
iexplore.exe
35.244.218.203:443
dp.tb.ask.com
US
whitelisted
1520
MySocialShortcut.89fc5c738d804edcaec8bfd52a88aeb2.exe
35.244.218.203:443
dp.tb.ask.com
US
whitelisted
1520
MySocialShortcut.89fc5c738d804edcaec8bfd52a88aeb2.exe
74.113.237.192:443
anx.mindspark.com
Mindspark Interactive Network, Inc.
US
malicious
476
iexplore.exe
74.113.235.189:443
anx.tb.ask.com
Mindspark Interactive Network, Inc.
IE
unknown
3504
iexplore.exe
158.85.72.153:443
stats.gbvanalytics.com
SoftLayer Technologies Inc.
CA
unknown
476
iexplore.exe
35.244.218.203:443
dp.tb.ask.com
US
whitelisted
3452
iexplore.exe
2.18.232.251:80
hp.myway.com
Akamai International B.V.
whitelisted

DNS requests

Domain
IP
Reputation
anx.mindspark.com
  • 74.113.237.192
whitelisted
dp.tb.ask.com
  • 35.244.218.203
whitelisted
cert.int-x3.letsencrypt.org
  • 104.111.245.93
whitelisted
hp.myway.com
  • 2.18.232.251
whitelisted
www.bing.com
  • 204.79.197.200
  • 13.107.21.200
whitelisted
free.mysocialshortcut.com
  • 35.244.218.203
whitelisted
akz.imgfarm.com
  • 2.18.232.251
whitelisted
stats.gbvanalytics.com
  • 158.85.72.153
unknown
anx.tb.ask.com
  • 74.113.235.189
whitelisted
ak.staticimgfarm.com
  • 2.18.232.251
  • 2.18.234.194
whitelisted

Threats

No threats detected
No debug info