analyze malware
  • Huge database of samples and IOCs
  • Custom VM setup
  • Unlimited submissions
  • Interactive approach
Sign up, it’s free
download:

index.html

Full analysis: https://app.any.run/tasks/dc1e6d1a-daf5-44e8-8f8b-55732114ef92
Verdict: Malicious activity
Analysis date: February 21, 2020, 16:06:22
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:
MIME: text/html
File info: HTML document, ASCII text
MD5:

D778532C22928556A2F6975C3D2616AB

SHA1:

F91F12F287881A56908F62BCF8AC45C64E347D71

SHA256:

8FCE6CACF26AD8092FEA7579D4CC8CB2B82A1B02DB1A8777A0A00E55EF16C7A9

SSDEEP:

6:qF5XfbvC9eGD7EqfcIF+7He50AS3BR9PObq2PJHX4Qv:8Xfbcee7EqfcIc7hAylObq+JHoQv

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

  • MALICIOUS

    No malicious indicators.

  • SUSPICIOUS

    No suspicious indicators.

  • INFO

    • Application launched itself

      • iexplore.exe (PID: 3432)
      • iexplore.exe (PID: 3376)

    • Reads Internet Cache Settings

      • iexplore.exe (PID: 3376)
      • iexplore.exe (PID: 2960)

    • Changes internet zones settings

      • iexplore.exe (PID: 3376)

    • Reads internet explorer settings

      • iexplore.exe (PID: 3432)

    • Manual execution by user

      • opera.exe (PID: 3000)

    • Reads settings of System Certificates

      • iexplore.exe (PID: 3432)
      • iexplore.exe (PID: 3376)

    • Creates files in the user directory

      • iexplore.exe (PID: 3376)
      • opera.exe (PID: 3000)

    • Changes settings of System certificates

      • iexplore.exe (PID: 3432)
      • iexplore.exe (PID: 3376)

    • Adds / modifies Windows certificates

      • iexplore.exe (PID: 3432)
      • iexplore.exe (PID: 3376)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.

TRiD

.html | HyperText Markup Language (100)
No data.
screenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshot
All screenshots are available in the full report
All screenshots are available in the full report
Total processes
38
Monitored processes
4
Malicious processes
0
Suspicious processes
0

Behavior graph

Click at the process to see the details
start iexplore.exe iexplore.exe iexplore.exe no specs opera.exe

Process information

PID
CMD
Path
Indicators
Parent process
3376"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\admin\AppData\Local\Temp\index.htmlC:\Program Files\Internet Explorer\iexplore.exe
explorer.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Internet Explorer
Version:
11.00.9600.16428 (winblue_gdr.131013-1700)
Modules
Images
c:\program files\internet explorer\iexplore.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\iertutil.dll
3432"C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:3376 CREDAT:144385 /prefetch:2C:\Program Files\Internet Explorer\iexplore.exe
iexplore.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Internet Explorer
Version:
11.00.9600.16428 (winblue_gdr.131013-1700)
Modules
Images
c:\program files\internet explorer\iexplore.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\iertutil.dll
2960"C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:3376 CREDAT:333057 /prefetch:2C:\Program Files\Internet Explorer\iexplore.exeiexplore.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Internet Explorer
Version:
11.00.9600.16428 (winblue_gdr.131013-1700)
Modules
Images
c:\program files\internet explorer\iexplore.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\iertutil.dll
3000"C:\Program Files\Opera\opera.exe" C:\Program Files\Opera\opera.exe
explorer.exe
User:
admin
Company:
Opera Software
Integrity Level:
MEDIUM
Description:
Opera Internet Browser
Version:
1748
Modules
Images
c:\program files\opera\opera.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\psapi.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\rpcrt4.dll
Total events
11 803
Read events
1 428
Write events
0
Delete events
0

Modification events

No data
Executable files
0
Suspicious files
55
Text files
48
Unknown types
2

Dropped files

PID
Process
Filename
Type
3376iexplore.exeC:\Users\admin\AppData\LocalLow\Microsoft\Internet Explorer\Services\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico
MD5:
SHA256:
3000opera.exeC:\Users\admin\AppData\Roaming\Opera\Opera\opr2771.tmp
MD5:
SHA256:
3000opera.exeC:\Users\admin\AppData\Roaming\Opera\Opera\opr27B0.tmp
MD5:
SHA256:
3000opera.exeC:\Users\admin\AppData\Local\Opera\Opera\cache\sesn\opr00001.tmp
MD5:
SHA256:
3000opera.exeC:\Users\admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\4PMMPBS2N8SG1H9QNI3N.temp
MD5:
SHA256:
3432iexplore.exeC:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6Z2BCOUL\nv[1].jstext
MD5:8D1768468AFD9ADE566FCC7C1D63FFF9
SHA256:1A7DA2F0016680A885E0DFC0DF3B4E2424E06DD7163AB1A7A2EAB2FFDEFE5F65
3000opera.exeC:\Users\admin\AppData\Roaming\Opera\Opera\operaprefs.initext
MD5:DCE0B8372C285F3327709E273B37C36F
SHA256:AC87F702C9DD6F050C8F39B123F65CACA9D424D8BA7210CD84C856D9DEC4E940
3432iexplore.exeC:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\B6QGX7LP\nv[1].jstext
MD5:8D1768468AFD9ADE566FCC7C1D63FFF9
SHA256:1A7DA2F0016680A885E0DFC0DF3B4E2424E06DD7163AB1A7A2EAB2FFDEFE5F65
3000opera.exeC:\Users\admin\AppData\Roaming\Opera\Opera\tasks.xmlxml
MD5:AAC10BD49D99130B0A1E8870D9AA2F04
SHA256:5A53A9340A1A0DA863B04DFCCED36EDA1F6DA2EDDA1A9701D596244022C18525
3376iexplore.exeC:\Users\admin\AppData\Local\Temp\Tar6C4B.tmp
MD5:
SHA256:
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
36
TCP/UDP connections
53
DNS requests
32
Threats
0

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
3432
iexplore.exe
GET
200
51.68.229.32:80
http://streamedia.icu/nv.js?stream
GB
text
92.7 Kb
unknown
3432
iexplore.exe
GET
200
51.68.229.32:80
http://streamedia.icu/nv.js?stream
GB
text
92.7 Kb
unknown
3000
opera.exe
GET
200
172.217.16.174:80
http://clients1.google.com/complete/search?q=Create+folders+/+append+data&client=opera-suggest-omnibox&hl=de
US
text
149 b
whitelisted
3376
iexplore.exe
GET
200
93.184.220.29:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEA8sEMlbBsCTf7jUSfg%2BhWk%3D
US
der
1.47 Kb
whitelisted
3000
opera.exe
GET
200
172.217.23.99:80
http://ocsp.pki.goog/gts1o1/MFEwTzBNMEswSTAJBgUrDgMCGgUABBRCRjDCJxnb3nDwj%2Fxz5aZfZjgXvAQUmNH4bhDrz5vsYJ8YkBug630J%2FSsCEDceXlqmGpr8AgAAAABZcjQ%3D
US
der
471 b
whitelisted
3000
opera.exe
GET
200
172.217.16.163:80
http://crl.pki.goog/gsr2/gsr2.crl
US
der
950 b
whitelisted
3000
opera.exe
GET
302
172.217.21.195:80
http://www.google.com.ua/search?client=opera&q=Create+folders+/+append+data&sourceid=opera&ie=utf-8&oe=utf-8&channel=suggest
US
html
357 b
whitelisted
3000
opera.exe
GET
200
93.184.220.29:80
http://crl4.digicert.com/DigiCertHighAssuranceEVRootCA.crl
US
der
564 b
whitelisted
3376
iexplore.exe
GET
200
93.184.220.29:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEA8sEMlbBsCTf7jUSfg%2BhWk%3D
US
der
1.47 Kb
whitelisted
3000
opera.exe
GET
302
172.217.21.195:80
http://www.google.com.ua/search?q=Create+folders+/+append+data&sourceid=opera&ie=utf-8&oe=utf-8&channel=suggest
US
html
341 b
whitelisted
Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
3376
iexplore.exe
204.79.197.200:80
www.bing.com
Microsoft Corporation
US
whitelisted
3376
iexplore.exe
152.199.19.161:443
iecvlist.microsoft.com
MCI Communications Services, Inc. d/b/a Verizon Business
US
whitelisted
3432
iexplore.exe
51.68.229.32:80
streamedia.icu
GB
unknown
3000
opera.exe
185.26.182.111:80
sitecheck2.opera.com
Opera Software AS
whitelisted
3432
iexplore.exe
152.199.19.161:443
iecvlist.microsoft.com
MCI Communications Services, Inc. d/b/a Verizon Business
US
whitelisted
3000
opera.exe
185.26.182.93:443
certs.opera.com
Opera Software AS
whitelisted
3000
opera.exe
185.26.182.94:80
certs.opera.com
Opera Software AS
whitelisted
3376
iexplore.exe
93.184.220.29:80
crl4.digicert.com
MCI Communications Services, Inc. d/b/a Verizon Business
US
whitelisted
3000
opera.exe
172.217.16.174:80
clients1.google.com
Google Inc.
US
whitelisted
3000
opera.exe
172.217.21.195:80
www.google.com.ua
Google Inc.
US
whitelisted

DNS requests

Domain
IP
Reputation
streamedia.icu
  • 51.68.229.32
unknown
api.bing.com
  • 13.107.5.80
whitelisted
www.bing.com
  • 204.79.197.200
  • 13.107.21.200
whitelisted
iecvlist.microsoft.com
  • 152.199.19.161
whitelisted
r20swj13mr.microsoft.com
  • 152.199.19.161
whitelisted
certs.opera.com
  • 185.26.182.93
  • 185.26.182.94
whitelisted
crl4.digicert.com
  • 93.184.220.29
whitelisted
clients1.google.com
  • 172.217.16.174
whitelisted
www.google.com.ua
  • 172.217.21.195
whitelisted
sitecheck2.opera.com
  • 185.26.182.94
  • 185.26.182.111
  • 185.26.182.112
  • 185.26.182.93
whitelisted

Threats

PID
Process
Class
Message
Potentially Bad Traffic
ET INFO DNS Query for Suspicious .icu Domain
Potentially Bad Traffic
ET INFO DNS Query for Suspicious .icu Domain
No debug info
Interactive malware hunting service ANY.RUN
© 2017-2024 ANY.RUN LLC. ALL RIGHTS RESERVED
ANY.RUN
Reports
index.html