URL:

https://urlday.cc/n36yq

Full analysis: https://app.any.run/tasks/de414912-f182-4d0c-b5f6-8037edc5ece9
Verdict: Malicious activity
Analysis date: February 05, 2024, 05:12:13
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:
MD5:

FFF6DCB1A03379BB062ED80B37BDD606

SHA1:

0D88CC60F499C03CE9C6B10A1D8A5AADB37EA2AF

SHA256:

9401538ED5AE16B9DE3B9274F95DEAB303FDFDD4F7A7267197D2A5289F027BF6

SSDEEP:

3:N8UycLRDB:2UPLRd

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

  • MALICIOUS

    No malicious indicators.

  • SUSPICIOUS

    • Process drops legitimate windows executable

      • msdt.exe (PID: 3356)

    • Reads settings of System Certificates

      • msdt.exe (PID: 3356)

    • Reads the Internet Settings

      • sdiagnhost.exe (PID: 3752)

  • INFO

    • Drops the executable file immediately after the start

      • msdt.exe (PID: 3356)

    • Create files in a temporary directory

      • msdt.exe (PID: 3356)

    • Reads security settings of Internet Explorer

      • sdiagnhost.exe (PID: 3752)
      • msdt.exe (PID: 3356)

    • Creates files or folders in the user directory

      • msdt.exe (PID: 3356)

    • Application launched itself

      • iexplore.exe (PID: 1504)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.
No data.
screenshotscreenshotscreenshotscreenshotscreenshotscreenshot
All screenshots are available in the full report
All screenshots are available in the full report
Total processes
41
Monitored processes
4
Malicious processes
1
Suspicious processes
1

Behavior graph

Click at the process to see the details
start iexplore.exe iexplore.exe msdt.exe no specs sdiagnhost.exe no specs

Process information

PID
CMD
Path
Indicators
Parent process
1172"C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:1504 CREDAT:267521 /prefetch:2C:\Program Files\Internet Explorer\iexplore.exe
iexplore.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Internet Explorer
Exit code:
0
Version:
11.00.9600.16428 (winblue_gdr.131013-1700)
Modules
Images
c:\program files\internet explorer\iexplore.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\iertutil.dll
1504"C:\Program Files\Internet Explorer\iexplore.exe" "https://urlday.cc/n36yq"C:\Program Files\Internet Explorer\iexplore.exe
explorer.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Internet Explorer
Exit code:
0
Version:
11.00.9600.16428 (winblue_gdr.131013-1700)
Modules
Images
c:\program files\internet explorer\iexplore.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\iertutil.dll
3356 -modal 655892 -skip TRUE -path C:\Windows\diagnostics\system\networking -af C:\Users\admin\AppData\Local\Temp\NDF54DB.tmp -ep NetworkDiagnosticsWebC:\Windows\System32\msdt.exeiexplore.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Diagnostics Troubleshooting Wizard
Exit code:
4294967295
Version:
6.1.7600.16385 (win7_rtm.090713-1255)
Modules
Images
c:\windows\system32\msdt.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
3752C:\Windows\System32\sdiagnhost.exe -EmbeddingC:\Windows\System32\sdiagnhost.exesvchost.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Scripted Diagnostics Native Host
Exit code:
0
Version:
6.1.7600.16385 (win7_rtm.090713-1255)
Modules
Images
c:\windows\system32\sdiagnhost.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\ole32.dll
c:\windows\system32\gdi32.dll
Total events
20 641
Read events
20 540
Write events
95
Delete events
6

Modification events

(PID) Process:(1504) iexplore.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TabbedBrowsing
Operation:writeName:NTPDaysSinceLastAutoMigration
Value:
0
(PID) Process:(1504) iexplore.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TabbedBrowsing
Operation:writeName:NTPLastLaunchHighDateTime
Value:
30847387
(PID) Process:(1504) iexplore.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\UrlBlockManager
Operation:writeName:NextCheckForUpdateHighDateTime
Value:
30847437
(PID) Process:(1504) iexplore.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies
Operation:writeName:CachePrefix
Value:
Cookie:
(PID) Process:(1504) iexplore.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History
Operation:writeName:CachePrefix
Value:
Visited:
(PID) Process:(1504) iexplore.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main
Operation:writeName:CompatibilityFlags
Value:
0
(PID) Process:(1504) iexplore.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation:writeName:ProxyBypass
Value:
1
(PID) Process:(1504) iexplore.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation:writeName:IntranetName
Value:
1
(PID) Process:(1504) iexplore.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation:writeName:UNCAsIntranet
Value:
1
(PID) Process:(1504) iexplore.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation:writeName:AutoDetect
Value:
0
Executable files
2
Suspicious files
23
Text files
34
Unknown types
0

Dropped files

PID
Process
Filename
Type
1172iexplore.exeC:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\57C8EDB95DF3F0AD4EE2DC2B8CFD4157binary
MD5:8F2143244A0EC0829AB7B478D508221E
SHA256:9A803B71748B9909125D7EFBA60C5FD9F72F7BB2FE1139E2D14BDE8A9A8AF880
1172iexplore.exeC:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\ZCYDGLZE.txttext
MD5:F05213CA8DDDF93992CC03E13D4FB132
SHA256:6AB056DF52353D023149DD2140E2A6E96DB5160BB46C4D2DE4F89E1CA187694E
1172iexplore.exeC:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\1B1495DD322A24490E2BF2FAABAE1C61binary
MD5:84602A427EEC93E18064D4DFE71F8811
SHA256:5F0A4C5E4F6DD86DBA4A7185FCFDC526E79E31F96BC548EB436709C71D589F35
1172iexplore.exeC:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\E5HLTQZC.txttext
MD5:1EFC57291F014C0383B4EEEC67047713
SHA256:2A60CECADD41E9C70FE9BC190385517FB34421EFF23798C7DE8E7C286AF30EDE
1172iexplore.exeC:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\K6P2YY3V.txttext
MD5:A46D2EA03EDA549E48649E86E02214C4
SHA256:C6DE282776DCDAE2B9414DA9237E0753BAE0917553A554FE3432E5FCAF799630
1172iexplore.exeC:\Users\admin\AppData\Local\Temp\Low\Tar388A.tmpbinary
MD5:9C0C641C06238516F27941AA1166D427
SHA256:4276AF3669A141A59388BC56A87F6614D9A9BDDDF560636C264219A7EB11256F
1172iexplore.exeC:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\1I43IN2A.txttext
MD5:C15C8738EF2540D90ACAC6AE87B8C72B
SHA256:4E5D948664F959F7BF3F74EBDD474FABAB88F64BCB6CC23A59C72EF405D2A027
1504iexplore.exeC:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\EAF8AA29A62AB29E614331747385D816_F9E4DC0B9D5C777357D7DB8DEF51118Abinary
MD5:A1E0D07666D36FB36727F60DC0B3095C
SHA256:7230890A5BF83B5878B2D9AB6D94A234979D14D8D4F1DC57BB75B6498101D8EC
1172iexplore.exeC:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\EION1HT1.txttext
MD5:984E348AE5A4535457362C5F62DCA886
SHA256:8F3CE9A532106189EBE59714E34D8BBBE109E7CA7F71429C13665A41907C41EF
1504iexplore.exeC:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\EAF8AA29A62AB29E614331747385D816_F9E4DC0B9D5C777357D7DB8DEF51118Abinary
MD5:D2C8AA64314F0803B5B78ACA8FF5D480
SHA256:8632F9A9B067298BB79B0B73578784FE0FA677287734F779BF6DD15E0D025688
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
10
TCP/UDP connections
20
DNS requests
14
Threats
1

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
1172
iexplore.exe
GET
304
93.184.221.240:80
http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?1e96081ee66de808
unknown
unknown
1172
iexplore.exe
GET
200
93.184.221.240:80
http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab?94efb324901b4675
unknown
compressed
65.2 Kb
unknown
1172
iexplore.exe
GET
304
93.184.221.240:80
http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?245ab6ffaf4de696
unknown
unknown
1172
iexplore.exe
GET
200
93.184.221.240:80
http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab?58b09451c6662268
unknown
compressed
65.2 Kb
unknown
1172
iexplore.exe
GET
200
69.192.161.44:80
http://x1.c.lencr.org/
unknown
binary
717 b
unknown
1172
iexplore.exe
GET
200
69.192.161.44:80
http://x2.c.lencr.org/
unknown
binary
300 b
unknown
1504
iexplore.exe
GET
304
93.184.221.240:80
http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?95d95b669c097e41
unknown
unknown
1504
iexplore.exe
GET
304
93.184.221.240:80
http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?5565915fab5f2bac
unknown
unknown
1504
iexplore.exe
GET
200
192.229.221.95:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTrjrydRyt%2BApF3GSPypfHBxR5XtQQUs9tIpPmhxdiuNkHMEWNpYim8S8YCEAzlnDD9eoNTLi0BRrMy%2BWU%3D
unknown
binary
313 b
unknown
1504
iexplore.exe
GET
200
192.229.221.95:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAJ0LqoXyo4hxxe7H%2Fz9DKA%3D
unknown
binary
471 b
unknown
Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
4
System
192.168.100.255:137
whitelisted
1080
svchost.exe
224.0.0.252:5355
unknown
1172
iexplore.exe
104.21.88.223:443
urlday.cc
CLOUDFLARENET
unknown
4
System
192.168.100.255:138
whitelisted
1172
iexplore.exe
93.184.221.240:80
ctldl.windowsupdate.com
EDGECAST
GB
whitelisted
1172
iexplore.exe
69.192.161.44:80
x1.c.lencr.org
AKAMAI-AS
DE
unknown
1504
iexplore.exe
104.126.37.139:443
www.bing.com
Akamai International B.V.
DE
unknown
1504
iexplore.exe
93.184.221.240:80
ctldl.windowsupdate.com
EDGECAST
GB
whitelisted
1504
iexplore.exe
192.229.221.95:80
ocsp.digicert.com
EDGECAST
US
whitelisted
828
svchost.exe
104.21.88.223:443
urlday.cc
CLOUDFLARENET
unknown

DNS requests

Domain
IP
Reputation
urlday.cc
  • 104.21.88.223
  • 172.67.153.197
unknown
ctldl.windowsupdate.com
  • 93.184.221.240
whitelisted
x1.c.lencr.org
  • 69.192.161.44
whitelisted
x2.c.lencr.org
  • 69.192.161.44
whitelisted
api.bing.com
  • 13.107.5.80
whitelisted
www.bing.com
  • 104.126.37.139
  • 104.126.37.145
  • 104.126.37.131
  • 104.126.37.128
whitelisted
ocsp.digicert.com
  • 192.229.221.95
whitelisted
zendesk-okta.com
unknown
www.urlday.com
  • 188.114.96.3
  • 188.114.97.3
unknown
iecvlist.microsoft.com
  • 152.199.19.161
whitelisted

Threats

PID
Process
Class
Message
1080
svchost.exe
Potentially Bad Traffic
ET DNS Query for .cc TLD
No debug info
Interactive malware hunting service ANY.RUN
© 2017-2025 ANY.RUN ALL RIGHTS RESERVED
ANY.RUN
Reports
https://urlday.cc/n36yq