analyze malware
  • Huge database of samples and IOCs
  • Custom VM setup
  • Unlimited submissions
  • Interactive approach
Sign up, it’s free
URL:

https://app.any.run/tasks/3c66ffc6-92e5-4f4a-8d82-d18e555d5e98/

Full analysis: https://app.any.run/tasks/644ea94e-1e30-4802-8700-29338771a06c
Verdict: Malicious activity
Analysis date: January 15, 2022, 01:00:36
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:
MD5:

9411C1409B1CACEE47C423017E131F99

SHA1:

1F17530B91846307A63C48767E67C5F18688AC72

SHA256:

942106CC0FB33F6184AF11A5D267D043631F522102310B9AC36780F14FBDFBE9

SSDEEP:

3:N8a3XQtnchAiEds+QzdK:2aQKhAPds7dK

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

  • MALICIOUS

    No malicious indicators.

  • SUSPICIOUS

    • Reads Microsoft Outlook installation path

      • iexplore.exe (PID: 2708)

  • INFO

    • Checks supported languages

      • iexplore.exe (PID: 2708)
      • iexplore.exe (PID: 1252)

    • Reads the computer name

      • iexplore.exe (PID: 1252)
      • iexplore.exe (PID: 2708)

    • Application launched itself

      • iexplore.exe (PID: 1252)

    • Changes internet zones settings

      • iexplore.exe (PID: 1252)

    • Reads settings of System Certificates

      • iexplore.exe (PID: 2708)
      • iexplore.exe (PID: 1252)

    • Reads the date of Windows installation

      • iexplore.exe (PID: 1252)

    • Creates files in the user directory

      • iexplore.exe (PID: 2708)

    • Checks Windows Trust Settings

      • iexplore.exe (PID: 1252)
      • iexplore.exe (PID: 2708)

    • Reads internet explorer settings

      • iexplore.exe (PID: 2708)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.
No data.
screenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshot
All screenshots are available in the full report
All screenshots are available in the full report
Total processes
37
Monitored processes
2
Malicious processes
0
Suspicious processes
0

Behavior graph

Click at the process to see the details
start iexplore.exe iexplore.exe

Process information

PID
CMD
Path
Indicators
Parent process
1252"C:\Program Files\Internet Explorer\iexplore.exe" "https://app.any.run/tasks/3c66ffc6-92e5-4f4a-8d82-d18e555d5e98/"C:\Program Files\Internet Explorer\iexplore.exe
Explorer.EXE
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Internet Explorer
Exit code:
1
Version:
11.00.9600.16428 (winblue_gdr.131013-1700)
Modules
Images
c:\program files\internet explorer\iexplore.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\api-ms-win-downlevel-version-l1-1-0.dll
2708"C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:1252 CREDAT:267521 /prefetch:2C:\Program Files\Internet Explorer\iexplore.exe
iexplore.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Internet Explorer
Exit code:
0
Version:
11.00.9600.16428 (winblue_gdr.131013-1700)
Modules
Images
c:\windows\system32\ntdll.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\kernel32.dll
c:\program files\internet explorer\iexplore.exe
c:\windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\api-ms-win-downlevel-version-l1-1-0.dll
Total events
20 162
Read events
20 006
Write events
0
Delete events
0

Modification events

No data
Executable files
0
Suspicious files
30
Text files
56
Unknown types
39

Dropped files

PID
Process
Filename
Type
2708iexplore.exeC:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\A16C6C16D94F76E0808C087DFC657D99_E5B132B41B26E2FD23A912C0CB5FBCBAbinary
MD5:608753D5D5F6D2F5DA1977A7F454482E
SHA256:E79C2D6A519E3D7605D2FFDAFDF28B36E20B9ED4AC309E4599BE86CAD20843BA
2708iexplore.exeC:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EAder
MD5:2663BED1F902BED00647B84FABBF8DEA
SHA256:7A3C6A8BE401F6DE91999C00919EA0F3BDCF80D06EB0E8A15D801F8F9A465DE9
2708iexplore.exeC:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBAbinary
MD5:770CD5A7D74B21A39BE04938156121A4
SHA256:403C162904ADB145B7E2C6B7DA1EFAAA51954C9C15FC5EBBA8F8CC263B27BEE8
2708iexplore.exeC:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\57C8EDB95DF3F0AD4EE2DC2B8CFD4157binary
MD5:A4497CA59AAC20C057352671015D39A7
SHA256:B227EE2C5778D7A62D8E897C88A71773A20556778E404F4E9D2EB0A382F1C8DA
2708iexplore.exeC:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\A16C6C16D94F76E0808C087DFC657D99_E5B132B41B26E2FD23A912C0CB5FBCBAder
MD5:C4815BBDDDD37A45A6DF78B6C330D07C
SHA256:29E78BF056E19E529BD143D9C325AE9FF506C0B25B5B8C477171575D5D081186
2708iexplore.exeC:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\YTOWV792\checkIE[1].jshtml
MD5:787CADEF3B23DB6ECD2F516F85FB0C6B
SHA256:40BA3408A52D727FE8154F76618D30FDA62617D534589C7A43E2C35B09CE062E
2708iexplore.exeC:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F2DDCD2B5F37625B82E81F4976CEE400_A01EFC9EF87B331821A80D893F4D7FE8binary
MD5:9612111B0C5D729A0CF160AF4906189B
SHA256:7D5DFC8397AD2711FF59C08CBC3611D571AC6EAD897B95609F896B5368CDB3F9
2708iexplore.exeC:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\6BADA8974A10C4BD62CC921D13E43B18_28DEA62A0AE77228DD387E155AD0BA27der
MD5:BEAB9DA0AA8E569DD7B0DEDBA4676D02
SHA256:7C5EE0FF5ECD229BA442C639096CFB79D50D7FC6841A8E99693393A920A70C33
2708iexplore.exeC:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\YTOWV792\gtm[1].jstext
MD5:14731941B6CB21463355039CC92D6C6F
SHA256:7159EA9C4B185CD59D00E938B424F72D8C0469E848F0A27BE9EAB032A703CE23
2708iexplore.exeC:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBAder
MD5:64E9B8BB98E2303717538CE259BEC57D
SHA256:76BD459EC8E467EFC3E3FB94CB21B9C77A2AA73C9D4C0F3FAF823677BE756331
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
21
TCP/UDP connections
79
DNS requests
26
Threats
0

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
2708
iexplore.exe
GET
200
142.250.185.195:80
http://ocsp.pki.goog/gtsr1/ME4wTDBKMEgwRjAJBgUrDgMCGgUABBQwkcLWD4LqGJ7bE7B1XZsEbmfwUAQU5K8rJnEaK0gnhS9SZizv8IkTcT4CDQIAjrICMzZli2TN25s%3D
US
der
724 b
whitelisted
2708
iexplore.exe
GET
200
142.250.185.195:80
http://ocsp.pki.goog/gts1c3/MFIwUDBOMEwwSjAJBgUrDgMCGgUABBTHLnmK3f9hNLO67UdCuLvGwCQHYwQUinR%2Fr4XN7pXNPZzQ4kYU83E1HScCEQD1gKWbifArxwoAAAABJ9nk
US
der
472 b
whitelisted
2708
iexplore.exe
GET
200
142.250.185.195:80
http://ocsp.pki.goog/gts1d4/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSMBFDqU0NJQdZdEGU3bkhj0FoRrQQUJeIYDrJXkZQq5dRdhpCD3lOzuJICEFvU5Zy%2BDMf9CQAAAADqT78%3D
US
der
471 b
whitelisted
2708
iexplore.exe
GET
200
142.250.185.195:80
http://ocsp.pki.goog/gts1c3/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTHLnmK3f9hNLO67UdCuLvGwCQHYwQUinR%2Fr4XN7pXNPZzQ4kYU83E1HScCEF%2BccF0YwkYICgAAAAEn4ho%3D
US
der
471 b
whitelisted
2708
iexplore.exe
GET
200
93.184.220.29:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEAo3h2ReX7SMIk79G%2B0UDDw%3D
US
der
1.47 Kb
whitelisted
2708
iexplore.exe
GET
200
142.250.185.195:80
http://ocsp.pki.goog/gts1c3/MFIwUDBOMEwwSjAJBgUrDgMCGgUABBTHLnmK3f9hNLO67UdCuLvGwCQHYwQUinR%2Fr4XN7pXNPZzQ4kYU83E1HScCEQCCq2t14DFKuAoAAAABJ9n3
US
der
472 b
whitelisted
2708
iexplore.exe
GET
200
142.250.185.195:80
http://ocsp.pki.goog/gts1c3/MFIwUDBOMEwwSjAJBgUrDgMCGgUABBTHLnmK3f9hNLO67UdCuLvGwCQHYwQUinR%2Fr4XN7pXNPZzQ4kYU83E1HScCEQDR1%2F9RZzWDFAoAAAABJ9zo
US
der
472 b
whitelisted
2708
iexplore.exe
GET
200
142.250.185.195:80
http://ocsp.pki.goog/gtsr1/ME4wTDBKMEgwRjAJBgUrDgMCGgUABBQwkcLWD4LqGJ7bE7B1XZsEbmfwUAQU5K8rJnEaK0gnhS9SZizv8IkTcT4CDQIDvFNZazTHGPUBUGY%3D
US
der
724 b
whitelisted
2708
iexplore.exe
GET
200
142.250.185.195:80
http://ocsp.pki.goog/gts1c3/MFIwUDBOMEwwSjAJBgUrDgMCGgUABBTHLnmK3f9hNLO67UdCuLvGwCQHYwQUinR%2Fr4XN7pXNPZzQ4kYU83E1HScCEQD1gKWbifArxwoAAAABJ9nk
US
der
472 b
whitelisted
2708
iexplore.exe
GET
200
142.250.185.195:80
http://ocsp.pki.goog/gsr1/MFEwTzBNMEswSTAJBgUrDgMCGgUABBS3V7W2nAf4FiMTjpDJKg6%2BMgGqMQQUYHtmGkUNl8qJUC99BM00qP%2F8%2FUsCEHe9DWzbNvka6iEPxPBY0w0%3D
US
der
1.41 Kb
whitelisted
Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
2708
iexplore.exe
142.250.186.106:443
fonts.googleapis.com
Google Inc.
US
whitelisted
2708
iexplore.exe
142.250.185.68:443
www.google.com
Google Inc.
US
whitelisted
2708
iexplore.exe
93.184.220.29:80
ocsp.digicert.com
MCI Communications Services, Inc. d/b/a Verizon Business
US
whitelisted
2708
iexplore.exe
142.250.181.227:443
www.gstatic.com
Google Inc.
US
whitelisted
2708
iexplore.exe
142.250.186.174:443
www.google-analytics.com
Google Inc.
US
whitelisted
2708
iexplore.exe
142.250.185.232:443
www.googletagmanager.com
Google Inc.
US
suspicious
2708
iexplore.exe
8.253.204.121:80
ctldl.windowsupdate.com
Global Crossing
US
malicious
2708
iexplore.exe
172.67.20.89:443
app.any.run
US
malicious
2708
iexplore.exe
142.250.185.195:80
ocsp.pki.goog
Google Inc.
US
whitelisted
2708
iexplore.exe
67.26.139.254:80
ctldl.windowsupdate.com
Level 3 Communications, Inc.
US
suspicious

DNS requests

Domain
IP
Reputation
app.any.run
  • 172.67.20.89
  • 104.22.48.74
  • 104.22.49.74
whitelisted
ctldl.windowsupdate.com
  • 67.26.139.254
  • 67.27.235.254
  • 8.253.95.120
  • 8.248.119.254
  • 8.253.204.121
whitelisted
ocsp.digicert.com
  • 93.184.220.29
whitelisted
fonts.googleapis.com
  • 142.250.186.106
whitelisted
ocsp.pki.goog
  • 142.250.185.195
whitelisted
www.googletagmanager.com
  • 142.250.185.232
whitelisted
www.google.com
  • 142.250.185.68
whitelisted
www.gstatic.com
  • 142.250.181.227
whitelisted
www.google-analytics.com
  • 142.250.186.174
whitelisted
www.googleadservices.com
  • 142.250.185.66
whitelisted

Threats

No threats detected
No debug info
Interactive malware hunting service ANY.RUN
© 2017-2024 ANY.RUN LLC. ALL RIGHTS RESERVED
ANY.RUN
Reports
https://app.any.run/tasks/3c66ffc6-92e5-4f4a-8d82-d18e555d5e98/