URL:

https://links.transactional.life360.com/ls/click?upn=u001.OFDA2n5-2Bvp1ouOZKV5tPaiI0jaVLjE9yviltP4pE-2F-2FMExXFRhIAJ-2FHRcBlvNjspKHt-2Bo1-2Fl4dv2DbiG3756bPQ-3D-3DZVZc_NICmdJmgAX-2BZuq1pnxAj6c9gurU5lie7AJHqbxVbyypInJR146jD2x0rmIQeLo2FpfNtf4aZMWFmyqF1jp3H-2FTbyQevdAzFwab6xspSevsytDaoD-2FgPma7GWrehhgZcaNGbQx002Lhep4Vh-2BHj9hn9Zl-2FXh-2FFOceeEyOcDtTcq7eP63j6PC0Q5kJYvNR2TQXPQXLzOrYQMp65fa3zX7JP2ijM4wFumNynLI9HyvD-2BRZTV5m6db8kKb-2B9VWbu7Cm-2BDol27A6kt-2BdCWdzw6ykwG-2BKAj2adQKnkfF9sDoK2YXJE7Tlcdd06aliRf-2BhEn9x1ufkOjhGPKVDljJf-2F4W5Kxs123tkFANxuNvAGJXmNWt1o0XE791bVdlxlRCOUJfT-2FPIEqDfawcS7NN4uWnpDmT-2FHw6szO6M4-2FN9mvPrNissvm7L8DoyLTinK94FVd-2FoIvM5p6CqZkyi9OsKBHBC0h1FQadSnO6cFfiU9Nlr1gtmOYmosuTbpD8rj1Ay3VzBt-2BQvVE3cgNEvNAGxcp6n9P-2BzEq5e3cvs9vkCEg2dKwBa7ehN-2B3lmSweT1ryPLyTMyCG-2BptB4XTvbFcktm14Qd44dezlTC-2FMa5zSkv2Nij6iGDlQIL4KHaxRBMOSQpfGnuk0jiFR8EU4L8LhXh1MbH51lzyVwx9HSYwdE3665fjXvRJz16FPdvD60Ivf2Mx5z06uU23DsxG9egZa40IYVnXFNVUI9xZUcXUJey-2BfiryjgyNJtvCDFPTcqtA97Px-2FywT

Full analysis: https://app.any.run/tasks/0ff3b4c9-5eb8-4a36-8d6a-9ceef3a8a869
Verdict: Malicious activity
Analysis date: March 25, 2024, 03:24:04
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:
MD5: 9D37DB360EC77E09EF73CD09536EA560
SHA1: C39DDC70C1B0796E2517E0102BD43D53C144B585
SHA256: 9395C6284663D46A97899B455614A3D5AE99B572A732B2B095A45F1BE8194CF9
SSDEEP: 24:2EAqq2/NZxccQ7lCwXDpEtc3upKGaslpcTTy4RIi6+9lM8:XCUrQIcUKGa7TT/eK9u8

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    No malicious indicators.
  • SUSPICIOUS

    No suspicious indicators.
  • INFO

    • Application launched itself

      • iexplore.exe (PID: 3992)
No Malware configuration.
No data.
All screenshots are available in the full report
Total processes: 39
Monitored processes: 2
Malicious processes: 0
Suspicious processes: 0

Behavior graph

start iexplore.exe iexplore.exe

Process information

PID: 2860
CMD: "C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:3992 CREDAT:267521 /prefetch:2
Path: C:\Program Files\Internet Explorer\iexplore.exe
Parent process: iexplore.exe
User: admin
Company: Microsoft Corporation
Integrity Level: LOW
Description: Internet Explorer
Version: 11.00.9600.16428 (winblue_gdr.131013-1700)
Modules
Images
c:\program files\internet explorer\iexplore.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\iertutil.dll
PID: 3992
CMD: "C:\Program Files\Internet Explorer\iexplore.exe" "https://links.transactional.life360.com/ls/click?upn=u001.OFDA2n5-2Bvp1ouOZKV5tPaiI0jaVLjE9yviltP4pE-2F-2FMExXFRhIAJ-2FHRcBlvNjspKHt-2Bo1-2Fl4dv2DbiG3756bPQ-3D-3DZVZc_NICmdJmgAX-2BZuq1pnxAj6c9gurU5lie7AJHqbxVbyypInJR146jD2x0rmIQeLo2FpfNtf4aZMWFmyqF1jp3H-2FTbyQevdAzFwab6xspSevsytDaoD-2FgPma7GWrehhgZcaNGbQx002Lhep4Vh-2BHj9hn9Zl-2FXh-2FFOceeEyOcDtTcq7eP63j6PC0Q5kJYvNR2TQXPQXLzOrYQMp65fa3zX7JP2ijM4wFumNynLI9HyvD-2BRZTV5m6db8kKb-2B9VWbu7Cm-2BDol27A6kt-2BdCWdzw6ykwG-2BKAj2adQKnkfF9sDoK2YXJE7Tlcdd06aliRf-2BhEn9x1ufkOjhGPKVDljJf-2F4W5Kxs123tkFANxuNvAGJXmNWt1o0XE791bVdlxlRCOUJfT-2FPIEqDfawcS7NN4uWnpDmT-2FHw6szO6M4-2FN9mvPrNissvm7L8DoyLTinK94FVd-2FoIvM5p6CqZkyi9OsKBHBC0h1FQadSnO6cFfiU9Nlr1gtmOYmosuTbpD8rj1Ay3VzBt-2BQvVE3cgNEvNAGxcp6n9P-2BzEq5e3cvs9vkCEg2dKwBa7ehN-2B3lmSweT1ryPLyTMyCG-2BptB4XTvbFcktm14Qd44dezlTC-2FMa5zSkv2Nij6iGDlQIL4KHaxRBMOSQpfGnuk0jiFR8EU4L8LhXh1MbH51lzyVwx9HSYwdE3665fjXvRJz16FPdvD60Ivf2Mx5z06uU23DsxG9egZa40IYVnXFNVUI9xZUcXUJey-2BfiryjgyNJtvCDFPTcqtA97Px-2FywT"
Path: C:\Program Files\Internet Explorer\iexplore.exe
Parent process: explorer.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Internet Explorer
Version: 11.00.9600.16428 (winblue_gdr.131013-1700)
Modules
Images
c:\program files\internet explorer\iexplore.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\iertutil.dll
Total events: 24 870
Read events: 24 732
Write events: 95
Delete events: 43

Modification events

(PID) Process: (3992) iexplore.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TabbedBrowsing
Operation: write
Name: NTPDaysSinceLastAutoMigration
Value: 1

(PID) Process: (3992) iexplore.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TabbedBrowsing
Operation: write
Name: NTPLastLaunchLowDateTime
Value:

(PID) Process: (3992) iexplore.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TabbedBrowsing
Operation: write
Name: NTPLastLaunchHighDateTime
Value: 31096419

(PID) Process: (3992) iexplore.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\UrlBlockManager
Operation: write
Name: NextCheckForUpdateLowDateTime
Value:

(PID) Process: (3992) iexplore.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\UrlBlockManager
Operation: write
Name: NextCheckForUpdateHighDateTime
Value: 31096419

(PID) Process: (3992) iexplore.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Content
Operation: write
Name: CachePrefix
Value:

(PID) Process: (3992) iexplore.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies
Operation: write
Name: CachePrefix
Value: Cookie:

(PID) Process: (3992) iexplore.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History
Operation: write
Name: CachePrefix
Value: Visited:

(PID) Process: (3992) iexplore.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main
Operation: write
Name: CompatibilityFlags
Value: 0

(PID) Process: (3992) iexplore.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation: write
Name: ProxyBypass
Value: 1

Executable files: 0
Suspicious files: 25
Text files: 29
Unknown types: 9

Dropped files

HTTP(S) requests: 25
TCP/UDP connections: 63
DNS requests: 23
Threats: 0

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
2860
iexplore.exe
GET
304
23.32.238.219:80
http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?4a9ffd2bb8e04402
unknown
unknown
2860
iexplore.exe
GET
304
23.32.238.219:80
http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?a08f35fbea17b647
unknown
unknown
2860
iexplore.exe
GET
200
108.138.2.107:80
http://o.ss2.us//MEowSDBGMEQwQjAJBgUrDgMCGgUABBSLwZ6EW5gdYc9UaSEaaLjjETNtkAQUv1%2B30c7dH4b0W1Ws3NcQwg6piOcCCQCnDkpMNIK3fw%3D%3D
unknown
binary
2.02 Kb
unknown
2860
iexplore.exe
GET
200
18.245.39.64:80
http://ocsp.rootg2.amazontrust.com/MFQwUjBQME4wTDAJBgUrDgMCGgUABBSIfaREXmfqfJR3TkMYnD7O5MhzEgQUnF8A36oB1zArOIiiuG1KnPIRkYMCEwZ%2FlEoqJ83z%2BsKuKwH5CO65xMY%3D
unknown
binary
1.49 Kb
unknown
2860
iexplore.exe
GET
200
18.245.39.64:80
http://ocsp.rootca1.amazontrust.com/MFQwUjBQME4wTDAJBgUrDgMCGgUABBRPWaOUU8%2B5VZ5%2Fa9jFTaU9pkK3FAQUhBjMhTTsvAyUlC4IWZzHshBOCggCEwdzEkzUBtJnwJkc3SmanzgxeYU%3D
unknown
binary
1.37 Kb
unknown
2860
iexplore.exe
GET
200
192.229.221.95:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEAo3h2ReX7SMIk79G%2B0UDDw%3D
unknown
binary
1.47 Kb
unknown
2860
iexplore.exe
GET
200
23.32.238.219:80
http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab?72b10ce7b6e6445b
unknown
compressed
67.5 Kb
unknown
2860
iexplore.exe
GET
200
23.32.238.219:80
http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab?bf42c76ed8a046a0
unknown
compressed
67.5 Kb
unknown
2860
iexplore.exe
GET
200
23.32.238.219:80
http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab?8e08dd7dd1b6f19c
unknown
compressed
67.5 Kb
unknown
2860
iexplore.exe
GET
200
23.32.238.219:80
http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab?6d4cc186fce3f7db
unknown
compressed
67.5 Kb
unknown

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
4
System
192.168.100.255:137
whitelisted
4
System
192.168.100.255:138
whitelisted
1080
svchost.exe
224.0.0.252:5355
unknown
2860
iexplore.exe
13.32.121.91:443
links.transactional.life360.com
AMAZON-02
US
unknown
2860
iexplore.exe
23.32.238.219:80
ctldl.windowsupdate.com
Akamai International B.V.
DE
unknown
2860
iexplore.exe
108.138.2.107:80
o.ss2.us
AMAZON-02
US
whitelisted
2860
iexplore.exe
18.245.39.64:80
ocsp.rootg2.amazontrust.com
US
unknown
2860
iexplore.exe
172.64.150.16:443
www.life360.com
CLOUDFLARENET
US
unknown
2860
iexplore.exe
192.229.221.95:80
ocsp.digicert.com
EDGECAST
US
whitelisted
2860
iexplore.exe
104.16.53.111:443
life360-legal.zendesk.com
CLOUDFLARENET
shared

DNS requests

Domain
IP
Reputation
links.transactional.life360.com
  • 13.32.121.91
  • 13.32.121.62
  • 13.32.121.32
  • 13.32.121.52
malicious
ctldl.windowsupdate.com
  • 23.32.238.219
  • 23.32.238.232
  • 23.32.238.201
whitelisted
o.ss2.us
  • 108.138.2.107
  • 108.138.2.10
  • 108.138.2.195
  • 108.138.2.173
whitelisted
ocsp.rootg2.amazontrust.com
  • 18.245.39.64
whitelisted
ocsp.rootca1.amazontrust.com
  • 18.245.39.64
shared
www.life360.com
  • 172.64.150.16
  • 104.18.37.240
malicious
ocsp.digicert.com
  • 192.229.221.95
whitelisted
life360-legal.zendesk.com
  • 104.16.53.111
  • 104.16.51.111
unknown
static.zdassets.com
  • 104.18.72.113
  • 104.18.70.113
whitelisted
p23.zdassets.com
  • 104.18.72.113
  • 104.18.70.113
unknown

Threats

No threats detected
No debug info