Sample: index.html

Full analysis: https://app.any.run/tasks/14424793-c7ee-47b8-82a0-c1190df27793
Verdict: Malicious activity
Analysis date: February 22, 2020, 14:42:12
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
MIME: text/html
File info: HTML document, UTF-8 Unicode text, with very long lines
MD5: FF64BF94FBDF7C6E851EF18E7E5A85FA
SHA1: 56B44222A3F2FBE60119BFC5197AF7780A59895C
SHA256: 93D6F0B534767FCA911D0D600DF63F7F132CBC722C33BAB8261F7A5475A49B67
SSDEEP: 1536:n+s5TSyMXZ38yAnBBSLCHNwHhLpL+RWTIP90PYfbAwpfHathn5:FXnOauF+QTenfk

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report may be distorted by user actions and is provided as-is for the user's acknowledgement. ANY.RUN does not guarantee the maliciousness or safety of the content.
  • MALICIOUS
    No malicious indicators.
  • SUSPICIOUS
    No suspicious indicators.
  • INFO
    • Application launched itself
      • iexplore.exe (PID: 2892)
    • Creates files in the user directory
      • iexplore.exe (PID: 2756)
    • Reads Internet Cache Settings
      • iexplore.exe (PID: 2892)
    • Reads Internet Explorer settings
      • iexplore.exe (PID: 3108)
      • iexplore.exe (PID: 2756)
    • Changes Internet zone settings
      • iexplore.exe (PID: 2892)
    • Reads settings of System Certificates
      • iexplore.exe (PID: 2756)
    • Changes settings of System Certificates
      • iexplore.exe (PID: 2756)
    • Adds / modifies Windows certificates
      • iexplore.exe (PID: 2756)
No Malware configuration.

TRiD

.htm/html | HyperText Markup Language with DOCTYPE (80.6)
.html | HyperText Markup Language (19.3)
No data.
Screenshots: available in the full report.
Total processes: 37
Monitored processes: 3
Malicious processes: 0
Suspicious processes: 0

Behavior graph: start -> iexplore.exe -> iexplore.exe, iexplore.exe

Process information

PID: 2892
  CMD: "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\admin\AppData\Local\Temp\index.html.htm
  Path: C:\Program Files\Internet Explorer\iexplore.exe
  Parent process: explorer.exe
  User: admin
  Company: Microsoft Corporation
  Integrity Level: MEDIUM
  Description: Internet Explorer
  Exit code: 1
  Version: 11.00.9600.16428 (winblue_gdr.131013-1700)

PID: 2756
  CMD: "C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:2892 CREDAT:144385 /prefetch:2
  Path: C:\Program Files\Internet Explorer\iexplore.exe
  Parent process: iexplore.exe
  User: admin
  Company: Microsoft Corporation
  Integrity Level: MEDIUM
  Description: Internet Explorer
  Exit code: 3489660927
  Version: 11.00.9600.16428 (winblue_gdr.131013-1700)

PID: 3108
  CMD: "C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:2892 CREDAT:340995 /prefetch:2
  Path: C:\Program Files\Internet Explorer\iexplore.exe
  Parent process: iexplore.exe
  User: admin
  Company: Microsoft Corporation
  Integrity Level: MEDIUM
  Description: Internet Explorer
  Exit code: 0
  Version: 11.00.9600.16428 (winblue_gdr.131013-1700)
Total events: 4 499
Read events: 628
Write events: 0
Delete events: 0

Modification events: no data

Executable files: 0
Suspicious files: 52
Text files: 16
Unknown types: 27

Dropped files

PID | Process | Filename | Type | MD5 | SHA256
2892 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\Internet Explorer\Services\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico | | |
2756 | iexplore.exe | C:\Users\admin\AppData\Local\Temp\CabC9E0.tmp | | |
2756 | iexplore.exe | C:\Users\admin\AppData\Local\Temp\TarC9E1.tmp | | |
2756 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\CFE86DBBE02D859DC92F1E17E0574EE8_46766FC45507C0B9E264E4C18BC7288B | binary | A91B5C4CB81863ED3C47780EA4DE7268 | 7B0F017F9C6B2EFC6E30DD96DE2B66F9482D8366811D973B0B6D762AF3C5CBFA
2756 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\B6QGX7LP\js[1].js | text | E5C7D0CFE5B5C50786F0E006484D7A13 | 2FA0E6A737F209FDC7DD1F5898FCA5AC78FB2E87C73C8609F583CAB13B95364C
2756 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\CFE86DBBE02D859DC92F1E17E0574EE8_46766FC45507C0B9E264E4C18BC7288B | der | E550DA03AEE5B546B436CD553D3233B9 | 9ABFD4E29B96CCA442502B1DE6071FE0293455DF22B4EFF19FA3E6DF060947E7
2756 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\BE8B021F9E811DFC8C8A28572A17C05A_4D95D2CC90050ED69FBE26D775AA3232 | der | 6258559EF737B1D9FB0FD7F2F74CB186 | 6C500A9F86D47CF4C96D3065C3A005186CE5B645A09BDC5C828051AA4E11C7A3
2756 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\BE8B021F9E811DFC8C8A28572A17C05A_329633C46DA5FE1701DC8ADF1A383981 | binary | 4137F771D2E8BEB78E37B2A4B8C9B2A7 | CD350828BBD7EBA6A55F9D99D8387863DD107637643197A0951FF55F6C26BF14
2756 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\BE8B021F9E811DFC8C8A28572A17C05A_329633C46DA5FE1701DC8ADF1A383981 | der | E688F740A983B7AAC74C5220E59A380E | BDD7CA9DCB5B4B137CDFDCEB98BC1C2E4867B8FF6B2FEA61B1DDA3BA814FA943
2756 | iexplore.exe | C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\DTI6C8B8.txt | | |
HTTP(S) requests: 25
TCP/UDP connections: 45
DNS requests: 25
Threats: 0

HTTP requests

PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation
2756 | iexplore.exe | GET | 200 | 93.184.220.29:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEA%2Fz5hY5qj0aEmX0H4s05bY%3D | US | der | 1.47 Kb | whitelisted
2756 | iexplore.exe | GET | 200 | 93.184.220.29:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEA%2Fz5hY5qj0aEmX0H4s05bY%3D | US | der | 1.47 Kb | whitelisted
2756 | iexplore.exe | GET | 200 | 172.217.16.195:80 | http://ocsp.pki.goog/gsr2/ME4wTDBKMEgwRjAJBgUrDgMCGgUABBTgXIsxbvr2lBkPpoIEVRE6gHlCnAQUm%2BIHV2ccHsBqBt5ZtJot39wZhi4CDQHjtJqhjYqpgSVpULg%3D | US | der | 468 b | whitelisted
2756 | iexplore.exe | GET | 200 | 172.217.16.195:80 | http://ocsp.pki.goog/gts1o1/MFIwUDBOMEwwSjAJBgUrDgMCGgUABBRCRjDCJxnb3nDwj%2Fxz5aZfZjgXvAQUmNH4bhDrz5vsYJ8YkBug630J%2FSsCEQCv2pgtDmXnZAgAAAAALnDT | US | der | 472 b | whitelisted
2756 | iexplore.exe | GET | 200 | 192.124.249.41:80 | http://ocsp.godaddy.com//MEQwQjBAMD4wPDAJBgUrDgMCGgUABBTkIInKBAzXkF0Qh0pel3lfHJ9GPAQU0sSw0pHUTBFxs2HLPaH%2B3ahq1OMCAxvnFQ%3D%3D | US | der | 1.66 Kb | whitelisted
2756 | iexplore.exe | GET | 200 | 192.124.249.41:80 | http://ocsp.godaddy.com//MEQwQjBAMD4wPDAJBgUrDgMCGgUABBTkIInKBAzXkF0Qh0pel3lfHJ9GPAQU0sSw0pHUTBFxs2HLPaH%2B3ahq1OMCAxvnFQ%3D%3D | US | der | 1.66 Kb | whitelisted
2756 | iexplore.exe | GET | 200 | 93.184.220.29:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEA%2Fz5hY5qj0aEmX0H4s05bY%3D | US | der | 1.47 Kb | whitelisted
2756 | iexplore.exe | GET | 200 | 93.184.220.29:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEA%2Fz5hY5qj0aEmX0H4s05bY%3D | US | der | 1.47 Kb | whitelisted
2756 | iexplore.exe | GET | 200 | 172.217.16.195:80 | http://ocsp.pki.goog/gts1o1/MFIwUDBOMEwwSjAJBgUrDgMCGgUABBRCRjDCJxnb3nDwj%2Fxz5aZfZjgXvAQUmNH4bhDrz5vsYJ8YkBug630J%2FSsCEQCgdZM8AVzzKAgAAAAALnDU | US | der | 472 b | whitelisted
2756 | iexplore.exe | GET | 200 | 172.217.16.195:80 | http://ocsp.pki.goog/gts1o1/MFIwUDBOMEwwSjAJBgUrDgMCGgUABBRCRjDCJxnb3nDwj%2Fxz5aZfZjgXvAQUmNH4bhDrz5vsYJ8YkBug630J%2FSsCEQCgdZM8AVzzKAgAAAAALnDU | US | der | 472 b | whitelisted

Connections

PID | Process | IP | Domain | ASN | CN | Reputation
3108 | iexplore.exe | 172.217.23.168:443 | www.googletagmanager.com | Google Inc. | US | whitelisted
2756 | iexplore.exe | 172.217.16.195:80 | ocsp.pki.goog | Google Inc. | US | whitelisted
4 | System | 216.58.205.226:139 | pagead2.googlesyndication.com | Google Inc. | US | whitelisted
2756 | iexplore.exe | 192.0.76.3:443 | stats.wp.com | Automattic, Inc | US | suspicious
4 | System | 216.58.205.226:445 | pagead2.googlesyndication.com | Google Inc. | US | whitelisted
2756 | iexplore.exe | 216.58.205.226:443 | pagead2.googlesyndication.com | Google Inc. | US | whitelisted
2892 | iexplore.exe | 204.79.197.200:80 | www.bing.com | Microsoft Corporation | US | whitelisted
2756 | iexplore.exe | 104.31.93.71:443 | official-kmspico.com | Cloudflare Inc | US | unknown
2756 | iexplore.exe | 172.217.23.168:443 | www.googletagmanager.com | Google Inc. | US | whitelisted
2756 | iexplore.exe | 172.217.22.46:443 | www.google-analytics.com | Google Inc. | US | whitelisted

DNS requests

Domain | IP | Reputation
www.googletagmanager.com | 172.217.23.168 | whitelisted
pagead2.googlesyndication.com | 216.58.205.226 | whitelisted
api.bing.com | 13.107.5.80 | whitelisted
www.bing.com | 204.79.197.200, 13.107.21.200 | whitelisted
ocsp.pki.goog | 172.217.16.195 | whitelisted
official-kmspico.com | 104.31.93.71, 104.31.92.71 | unknown
stats.wp.com | 192.0.76.3 | whitelisted
c0.wp.com | 192.0.77.37 | whitelisted
www.google-analytics.com | 172.217.22.46 | whitelisted
ocsp.godaddy.com | 192.124.249.41, 192.124.249.36, 192.124.249.23, 192.124.249.22, 192.124.249.24 | whitelisted

Threats: no threats detected
Debug info: none