URL: http://fannieae.com
Full analysis: https://app.any.run/tasks/23b23a9e-eee1-462c-8cf2-9554431dbf67
Verdict: Malicious activity
Analysis date: May 23, 2019, 23:05:50
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:
MD5: D842F3BB5572315D9B41352BCF5E9B81
SHA1: BE2C65837830E9B58660C648DE813B34585123D6
SHA256: 8C88223B9C99F709C52DDA94E6B10B87CD693781F1B9ED0CA5F2EE1EF5F8CDC5
SSDEEP: 3:N1KYmEhn:CYzhn

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS: No malicious indicators.
  • SUSPICIOUS: No suspicious indicators.
  • INFO
    • Application launched itself
      • iexplore.exe (PID: 3384)
    • Creates files in the user directory
      • iexplore.exe (PID: 2768)
    • Reads internet explorer settings
      • iexplore.exe (PID: 2768)
    • Changes internet zones settings
      • iexplore.exe (PID: 3384)
    • Reads Internet Cache Settings
      • iexplore.exe (PID: 2768)
      • iexplore.exe (PID: 3384)
    • Reads settings of System Certificates
      • iexplore.exe (PID: 3384)
      • iexplore.exe (PID: 2768)
    • Changes settings of System certificates
      • iexplore.exe (PID: 3384)
    • Adds / modifies Windows certificates
      • iexplore.exe (PID: 3384)
No Malware configuration.
No data.
Total processes: 36
Monitored processes: 2
Malicious processes: 0
Suspicious processes: 0

Behavior graph (interactive in the full report): start -> iexplore.exe -> iexplore.exe

Process information

PID | CMD | Path | Indicators | Parent process
3384 | "C:\Program Files\Internet Explorer\iexplore.exe" http://fannieae.com | C:\Program Files\Internet Explorer\iexplore.exe | | explorer.exe
  User: admin; Company: Microsoft Corporation; Integrity Level: MEDIUM; Description: Internet Explorer; Version: 8.00.7600.16385 (win7_rtm.090713-1255)
2768 | "C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:3384 CREDAT:71937 | C:\Program Files\Internet Explorer\iexplore.exe | | iexplore.exe
  User: admin; Company: Microsoft Corporation; Integrity Level: LOW; Description: Internet Explorer; Version: 8.00.7600.16385 (win7_rtm.090713-1255)
Total events: 433
Read events: 353
Write events: 0
Delete events: 0

Modification events: No data
Executable files: 0
Suspicious files: 0
Text files: 18
Unknown types: 7

Dropped files

PID | Process | Filename | Type | MD5 | SHA256
3384 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\H6QNMHE9\favicon[1].ico | | |
3384 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\Internet Explorer\Services\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico | | |
2768 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\H7EG0R88\ww25_fannieae_com[1].txt | | |
2768 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\History\Low\History.IE5\MSHist012019052420190525\index.dat | dat | 6856341250E6B117CAED5DB1B73C4C5B | 9B0B089019E0346F08A2DD48364912B699156A74582696FFCCB1915B6CF72546
2768 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\H7EG0R88\ww25_fannieae_com[1].htm | html | A7BFCE2A35136735C9B006CC90711D22 | 352E84086FD1B51A48389EEA6006076CAD8ACE7A01CF3B30B74405DC0E1969DE
2768 | iexplore.exe | C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\index.dat | dat | B04178DFFA182D9D7FA9DD1A1086EDA8 | 6DD5ADEC01588E300A0F91091751BAC7B0B3031498948305CCC9310B8FED20DE
2768 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\index.dat | dat | 24D23A080647A939380D8A20CCD7DBC4 | 94FF6DE31D3D51290C65FDE999303CE54C24B0F3D2E0EFFB45C2B417194E2F4C
2768 | iexplore.exe | C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\admin@fannieae[1].txt | text | B93F6195C6F0F4F0833207B61D5AAC18 | 20F1560EE09DBF6D557D2BC454E2B7235CF48DDC73A867198902D6B365DE5E99
2768 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\IZMIS2Q7\newjump1[1].do | | |
2768 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\History\Low\History.IE5\index.dat | dat | 95A1D55067FFF21AB52818A91B815706 | 2FC4C53E96D2CA96BA25CD64707102D5E071DB084EFCEF7E5B59BA05A6CC98AB
HTTP(S) requests: 10
TCP/UDP connections: 12
DNS requests: 9
Threats: 0

HTTP requests

PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation
2768 | iexplore.exe | GET | 302 | 103.224.182.252:80 | http://fannieae.com/ | AU | | | malicious
2768 | iexplore.exe | GET | 302 | 199.59.242.151:80 | http://ww25.fannieae.com/rz?u=https%3A%2F%2Fny18568.com%2Fctrd%2Fclick%2Fnewjump1.do%3Faffiliate%3D44875%26subid%3D9517293%26ai%3DJL6Sh_0k6sQwM5gM5K-NjPjKiegSvaPhu0yLXyF8PGssGcbYwzD4Y_4mIQDlGeSrVICx_tx_0J16bEHg5KJVKJPKAh9DAROEw1eo0j9PQb9591p2CmHInQDeGcgd4njZLIKCFeH9NZoUEVcscgpcIV7fY7zUF0E9locPSNkZPRJ_hJZD2OvWJ60NR8nftLsDdKnZklqWV3qLXo3oE4DUo5L_RLpfEZLPlJyDpga27ALy_aDxwYvrjGQeBKg76xQyByfZpwFmK7-nIMpbdEoBA3WZkE1Himd4KqbXGBbqOLejo3C7CDXgglUsSuDHb07h8QOqCNdvHHRqcixk8Xv2D1ac1Drh6-nueePXWchljv89w-tch9fE47O3PI8EYw5ge_bm7Of41eFwCh3IwHLko7X0Yx6n2z1J9lG_NqE57NchkGGPKV07Wr1nSONOEMyHgwENkAdaNrVsIHQZdSdeAxxuUdtTix8IbTaX08RAB17Dq7Q1641BMyELbxuLkrsh1kNI2UoQJdJSmTKKKe29M2rNAEvLMRBG-HOGC0U-M5JI--ol3qs42OjxPIuWSST8ZBpkoLJaTEA&notadsafe | US | text | 7.88 Kb | malicious
2768 | iexplore.exe | GET | 200 | 199.59.242.151:80 | http://ww25.fannieae.com/glp?r=&u=http%3A%2F%2Fww25.fannieae.com%2F&rw=1280&rh=720&ww=1276&wh=560&ie=8 | US | text | 7.88 Kb | malicious
2768 | iexplore.exe | GET | 200 | 199.59.242.151:80 | http://ww25.fannieae.com/ | US | html | 3.93 Kb | malicious
2768 | iexplore.exe | GET | 200 | 172.217.23.132:80 | http://www.google.com/adsense/domains/caf.js | US | text | 55.0 Kb | whitelisted
2768 | iexplore.exe | POST | 200 | 199.59.242.151:80 | http://ww25.fannieae.com/gzb | US | text | 750 b | malicious
2768 | iexplore.exe | GET | 200 | 199.59.242.151:80 | http://ww25.fannieae.com/px.gif?ch=2&rn=2.242100536536563 | US | image | 42 b | malicious
3384 | iexplore.exe | GET | 404 | 199.59.242.151:80 | http://ww25.fannieae.com/favicon.ico | US | html | 3.93 Kb | malicious
2768 | iexplore.exe | GET | 200 | 199.59.242.151:80 | http://ww25.fannieae.com/px.gif?ch=1&rn=2.242100536536563 | US | image | 42 b | malicious
3384 | iexplore.exe | GET | 200 | 204.79.197.200:80 | http://www.bing.com/favicon.ico | US | image | 237 b | whitelisted

Connections

PID | Process | IP | Domain | ASN | CN | Reputation
2768 | iexplore.exe | 199.59.242.151:80 | ww25.fannieae.com | Bodis, LLC | US | malicious
2768 | iexplore.exe | 103.224.182.252:80 | fannieae.com | Trellian Pty. Limited | AU | unknown
3384 | iexplore.exe | 199.59.242.151:80 | ww25.fannieae.com | Bodis, LLC | US | malicious
3384 | iexplore.exe | 204.79.197.200:80 | www.bing.com | Microsoft Corporation | US | whitelisted
2768 | iexplore.exe | 172.217.23.132:80 | www.google.com | Google Inc. | US | whitelisted
2768 | iexplore.exe | 216.58.207.74:443 | fonts.googleapis.com | Google Inc. | US | whitelisted
2768 | iexplore.exe | 104.17.251.106:443 | www.advconversion.com | Cloudflare Inc | US | shared
3384 | iexplore.exe | 31.24.224.155:443 | www.dailyentertain.com | UK-2 Limited | GB | unknown
2768 | iexplore.exe | 31.24.224.155:443 | www.dailyentertain.com | UK-2 Limited | GB | unknown
2768 | iexplore.exe | 151.139.128.10:443 | ny18568.com | Highwinds Network Group, Inc. | US | malicious

DNS requests

Domain | IP | Reputation
fannieae.com | 103.224.182.252 | malicious
ww25.fannieae.com | 199.59.242.151 | malicious
www.bing.com | 204.79.197.200, 13.107.21.200 | whitelisted
www.google.com | 172.217.23.132 | whitelisted
fonts.googleapis.com | 216.58.207.74 | whitelisted
fonts.gstatic.com | 172.217.21.227 | whitelisted
ny18568.com | 151.139.128.10 | malicious
www.advconversion.com | 104.17.251.106, 104.17.247.106, 104.17.249.106, 104.17.250.106, 104.17.248.106 | suspicious
www.dailyentertain.com | 31.24.224.155 | unknown

Threats: No threats detected
Debug info: none