URL:

https://click.info.mailssenders.com/?qs=45cf561bddae04f619df3d5c4fbb835aa4b14ac658236c9f2f457b5f6ed0b15132c4cceca9cd4b96556af414311fba58a0ced33bb67c75de

Full analysis: https://app.any.run/tasks/38337785-1c1c-4245-a512-4951f52dac64
Verdict: Malicious activity
Analysis date: May 20, 2022, 18:30:50
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:
MD5: 23868BB581EA9DCE7C6DC7DE2A5B66AF
SHA1: D8925C946236140417482312D2C04DBFABA3E2D5
SHA256: 955D91BF46D397157C911290B61E7AA46C7C4222A85F303780B2D3E473325D6E
SSDEEP: 3:N8UEMLDK8TWdnVDhbYxBQGb/CiEJhHHWMuWWcG1W8xwNDjEVXgWnHAn:2UEKDK+6Sb/CJJhnZZWtA7Wgn

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    No malicious indicators.
  • SUSPICIOUS

    • Reads Microsoft Outlook installation path

      • iexplore.exe (PID: 3200)
  • INFO

    • Checks supported languages

      • iexplore.exe (PID: 2960)
      • iexplore.exe (PID: 3200)
    • Reads the computer name

      • iexplore.exe (PID: 2960)
      • iexplore.exe (PID: 3200)
    • Application launched itself

      • iexplore.exe (PID: 2960)
    • Changes internet zones settings

      • iexplore.exe (PID: 2960)
    • Reads settings of System Certificates

      • iexplore.exe (PID: 2960)
      • iexplore.exe (PID: 3200)
    • Reads internet explorer settings

      • iexplore.exe (PID: 3200)
    • Creates files in the user directory

      • iexplore.exe (PID: 3200)
    • Checks Windows Trust Settings

      • iexplore.exe (PID: 2960)
      • iexplore.exe (PID: 3200)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.
No data.
All screenshots are available in the full report
Total processes: 36
Monitored processes: 2
Malicious processes: 0
Suspicious processes: 0

Behavior graph

start → iexplore.exe → iexplore.exe

Process information

PID: 2960
CMD: "C:\Program Files\Internet Explorer\iexplore.exe" "https://click.info.mailssenders.com/?qs=45cf561bddae04f619df3d5c4fbb835aa4b14ac658236c9f2f457b5f6ed0b15132c4cceca9cd4b96556af414311fba58a0ced33bb67c75de"
Path: C:\Program Files\Internet Explorer\iexplore.exe
Indicators: (none listed)
Parent process: Explorer.EXE
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Internet Explorer
Version: 11.00.9600.16428 (winblue_gdr.131013-1700)
Modules (images):
  • c:\program files\internet explorer\iexplore.exe
  • c:\windows\system32\ntdll.dll
  • c:\windows\system32\kernel32.dll
  • c:\windows\system32\kernelbase.dll
  • c:\windows\system32\msvcrt.dll
  • c:\windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
  • c:\windows\system32\advapi32.dll
  • c:\windows\system32\sechost.dll
  • c:\windows\system32\rpcrt4.dll
  • c:\windows\system32\api-ms-win-downlevel-version-l1-1-0.dll

PID: 3200
CMD: "C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:2960 CREDAT:267521 /prefetch:2
Path: C:\Program Files\Internet Explorer\iexplore.exe
Indicators: (none listed)
Parent process: iexplore.exe
User: admin
Company: Microsoft Corporation
Integrity Level: LOW
Description: Internet Explorer
Version: 11.00.9600.16428 (winblue_gdr.131013-1700)
Modules (images):
  • c:\program files\internet explorer\iexplore.exe
  • c:\windows\system32\ntdll.dll
  • c:\windows\system32\kernel32.dll
  • c:\windows\system32\kernelbase.dll
  • c:\windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
  • c:\windows\system32\msvcrt.dll
  • c:\windows\system32\advapi32.dll
  • c:\windows\system32\sechost.dll
  • c:\windows\system32\rpcrt4.dll
  • c:\windows\system32\api-ms-win-downlevel-version-l1-1-0.dll
Total events: 20 753
Read events: 20 637
Write events: 0
Delete events: 0

Modification events

No data

Executable files: 0
Suspicious files: 22
Text files: 39
Unknown types: 24

Dropped files

PID | Process | Filename | Type | MD5 | SHA256
3200 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7423F88C7F265F0DEFC08EA88C3BDE45_A30EA9B4E1BC5DBF09A8EF399E086D27 | binary | 2B6607B13E381741681119A3178FA1F5 | B2AFA9634A1CBDEDE8297D972E586832507FCC9D88388F7B66957EFF74D95834
3200 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\57C8EDB95DF3F0AD4EE2DC2B8CFD4157 | binary | 7AC778E8BB05A4EB2BA257132AA3D086 | 5CB96BE000D2095CFEBEB874B85605BEC41CCF1AF22906012B7789DDD196E73D
3200 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E573CDF4C6D731D56A665145182FD759_38677CBBEA85BB35B95DEBC7E8A3A26C | binary | 16FFBC50F42C5563AA3ACA0080C37986 | 1C563A8CE2735542DF04C2B0264AA0175654E6EBCE852EF0E24D3EC7E05CB1F6
2960 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\82CB34DD3343FE727DF8890D352E0D8F | binary | 4FC589E7CD95FB95A1E11F088E18AA9B | E80C5200C57FA6FF2FDE7146864EACC42C9FDA250786AFE5B056B200D825D1C8
3200 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\DY534W2X\2-Hour-Virtual-Seminar-on-Mastering-Excel-Pivot-Tables[1].htm | html | B77FDE4EBD24462EB3B978D613AC1610 | BB7B9987009F7E3862F0690832C24325F471ABFF154CCA59D055162B75C6FACE
3200 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\E573CDF4C6D731D56A665145182FD759_38677CBBEA85BB35B95DEBC7E8A3A26C | der | 1AD39140E88E213BDA2EC902142A2694 | 737AFCEEAFF4CB5822DFD77C7ACEA43AB0C256284343AB8865757B7BD611AAD8
3200 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7423F88C7F265F0DEFC08EA88C3BDE45_A30EA9B4E1BC5DBF09A8EF399E086D27 | der | 2EB446736FA8095967687E626F7441FA | 3F90E8D8B5C62A48E3F8E0B2B00A03630BFD0DA350B85C9EA8D003CE846A153B
2960 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PO2HN1X2\favicon[1].ico | image | DA597791BE3B6E732F0BC8B20E38EE62 | 5B2C34B3C4E8DD898B664DBA6C3786E2FF9869EFF55D673AA48361F11325ED07
2960 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\82CB34DD3343FE727DF8890D352E0D8F | der | 5C1113B7526A7723B64400D44129FA78 | 9ECC27C740862AB2712DA2C4FF31592E2C0A8643576E64551EE344A73FBE2494
3200 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\MFAQUS6V\responsive[1].css | text | F0749154592DD085EA679C9F8A01FC6B | 1333A53DD535AA6715492F066936F6DEBEB9C24618C27F479E4D12BFFC776DBD
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests: 18
TCP/UDP connections: 61
DNS requests: 22
Threats: 0

HTTP requests

PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation
2960 | iexplore.exe | GET | 200 | 93.184.220.29:80 | http://crl3.digicert.com/Omniroot2025.crl | US | der | 7.78 Kb | whitelisted
3200 | iexplore.exe | GET | 200 | 93.184.220.29:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAo1CNVcKSsBffitZcAP9%2BQ%3D | US | der | 471 b | whitelisted
3200 | iexplore.exe | GET | 200 | 93.184.220.29:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTk45WiKdPUwcMf8JgMC07ACYqr2AQUt2ui6qiqhIx56rTaD5iyxZV2ufQCEAonWvXMgO328jLi6G7Fu%2Bs%3D | US | der | 471 b | whitelisted
3200 | iexplore.exe | GET | 200 | 142.250.185.67:80 | http://ocsp.pki.goog/gtsr1/ME4wTDBKMEgwRjAJBgUrDgMCGgUABBQwkcLWD4LqGJ7bE7B1XZsEbmfwUAQU5K8rJnEaK0gnhS9SZizv8IkTcT4CDQIDvFNZazTHGPUBUGY%3D | US | der | 724 b | whitelisted
2960 | iexplore.exe | GET | 200 | 93.184.220.29:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAJ0LqoXyo4hxxe7H%2Fz9DKA%3D | US | der | 471 b | whitelisted
3200 | iexplore.exe | GET | 200 | 142.250.185.67:80 | http://ocsp.pki.goog/gsr1/MFEwTzBNMEswSTAJBgUrDgMCGgUABBS3V7W2nAf4FiMTjpDJKg6%2BMgGqMQQUYHtmGkUNl8qJUC99BM00qP%2F8%2FUsCEHe9DWzbNvka6iEPxPBY0w0%3D | US | der | 1.41 Kb | whitelisted
3200 | iexplore.exe | GET | 200 | 142.250.185.67:80 | http://ocsp.pki.goog/gts1c3/MFIwUDBOMEwwSjAJBgUrDgMCGgUABBTHLnmK3f9hNLO67UdCuLvGwCQHYwQUinR%2Fr4XN7pXNPZzQ4kYU83E1HScCEQCdUrA%2FwvrytArhIvu6cF3d | US | der | 472 b | whitelisted
3200 | iexplore.exe | GET | 200 | 96.16.145.230:80 | http://x1.c.lencr.org/ | US | der | 717 b | whitelisted
3200 | iexplore.exe | GET | 200 | 209.197.3.8:80 | http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab?343cf1c19cd6b023 | US | compressed | 60.0 Kb | whitelisted
3200 | iexplore.exe | GET | 200 | 104.18.32.68:80 | http://ocsp.sectigo.com/MFIwUDBOMEwwSjAJBgUrDgMCGgUABBRDC9IOTxN6GmyRjyTl2n4yTUczyAQUjYxexFStiuF36Zv5mwXhuAGNYeECEQDRNXyea8Ikn9qK7ymLa4kY | US | der | 472 b | whitelisted

Connections

PID | Process | IP | Domain | ASN | CN | Reputation
3200 | iexplore.exe | 209.197.3.8:80 | ctldl.windowsupdate.com | Highwinds Network Group, Inc. | US | whitelisted
2960 | iexplore.exe | 131.253.33.200:443 | www.bing.com | Microsoft Corporation | US | whitelisted
2960 | iexplore.exe | 93.184.220.29:80 | ocsp.digicert.com | MCI Communications Services, Inc. d/b/a Verizon Business | US | whitelisted
3200 | iexplore.exe | 188.114.96.10:443 | profeducations.com | Cloudflare Inc | US | malicious
3200 | iexplore.exe | 13.110.221.195:443 | click.info.mailssenders.com | Salesforce.com, Inc. | US | suspicious
3200 | iexplore.exe | 93.184.220.29:80 | ocsp.digicert.com | MCI Communications Services, Inc. d/b/a Verizon Business | US | whitelisted
 | | 209.197.3.8:80 | ctldl.windowsupdate.com | Highwinds Network Group, Inc. | US | whitelisted
3200 | iexplore.exe | 142.250.186.106:443 | fonts.googleapis.com | Google Inc. | US | whitelisted
 | | 188.114.97.10:443 | profeducations.com | Cloudflare Inc | US | malicious
3200 | iexplore.exe | 142.250.185.67:80 | ocsp.pki.goog | Google Inc. | US | whitelisted

DNS requests

Domain | IP | Reputation
click.info.mailssenders.com | 13.110.221.195 | suspicious
ctldl.windowsupdate.com | 209.197.3.8 | whitelisted
api.bing.com | 13.107.5.80 | whitelisted
www.bing.com | 131.253.33.200, 13.107.22.200 | whitelisted
ocsp.digicert.com | 93.184.220.29 | whitelisted
profeducations.com | 188.114.96.10, 188.114.97.10 | malicious
crl3.digicert.com | 93.184.220.29 | whitelisted
simplesharebuttons.com | 162.243.82.235 | whitelisted
fonts.googleapis.com | 142.250.186.106 | whitelisted
ocsp.pki.goog | 142.250.185.67 | whitelisted

Threats

No threats detected
No debug info