URL:

http://lms.ryder.com/LMS//DesktopModules/RMS/LoadDetails.aspx?loadNo=fUiGeGggla%252cHr00PYLE.Zw%253d%253d

Full analysis: https://app.any.run/tasks/ea96e35b-e950-4d88-9c57-52429c7cb72f
Verdict: No threats detected
Analysis date: January 24, 2019, 09:22:58
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:
MD5:

81DB35D217E2EA04810CE1FC2CF7D79E

SHA1:

15FC22AD6A53FD264AA5570F083A52EE08D80E7A

SHA256:

98C92531C0A869BEA2E787BD38FEC6A5564C346C5F5CC068E2D585F980CBA30D

SSDEEP:

3:N1KSIbwLdZLzAw3mh9IM/qE2KYtlAupQzXCt:CSnxntlhprt

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    No malicious indicators.
  • SUSPICIOUS

    No suspicious indicators.
  • INFO

    • Changes internet zones settings

      • iexplore.exe (PID: 2704)
    • Reads internet explorer settings

      • iexplore.exe (PID: 3148)
    • Application launched itself

      • iexplore.exe (PID: 2704)
    • Reads Internet Cache Settings

      • iexplore.exe (PID: 3148)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No data.
screenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshot
All screenshots are available in the full report
All screenshots are available in the full report
Total processes
33
Monitored processes
2
Malicious processes
0
Suspicious processes
0

Behavior graph

Click at the process to see the details
start iexplore.exe iexplore.exe

Process information

PID
CMD
Path
Indicators
Parent process
2704"C:\Program Files\Internet Explorer\iexplore.exe" -nohomeC:\Program Files\Internet Explorer\iexplore.exe
explorer.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Internet Explorer
Version:
8.00.7600.16385 (win7_rtm.090713-1255)
3148"C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:2704 CREDAT:71937C:\Program Files\Internet Explorer\iexplore.exe
iexplore.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Internet Explorer
Version:
8.00.7600.16385 (win7_rtm.090713-1255)
Total events
406
Read events
342
Write events
61
Delete events
3

Modification events

(PID) Process:(2704) iexplore.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main
Operation:writeName:CompatibilityFlags
Value:
0
(PID) Process:(2704) iexplore.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation:writeName:UNCAsIntranet
Value:
0
(PID) Process:(2704) iexplore.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation:writeName:AutoDetect
Value:
1
(PID) Process:(2704) iexplore.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones
Operation:writeName:SecuritySafe
Value:
1
(PID) Process:(2704) iexplore.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings
Operation:writeName:ProxyEnable
Value:
0
(PID) Process:(2704) iexplore.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
Operation:writeName:SavedLegacySettings
Value:
4600000069000000010000000000000000000000000000000000000000000000C0E333BBEAB1D301000000000000000000000000020000001700000000000000FE800000000000007D6CB050D9C573F70B000000000000006D00330032005C004D00530049004D004700330032002E0064006C000100000004AA400014AA4000040000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002000000C0A8016400000000000000000000000000000000000000000800000000000000805D3F00983740000008000002000000000000600000002060040000B8A94000020000008802000060040000B8A9400004000000F8010000B284000088B64000B84B400043003A000000000000000000000000000000000000000000
(PID) Process:(2704) iexplore.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Recovery\Active
Operation:writeName:{AFFBC299-1FB9-11E9-BAD8-5254004A04AF}
Value:
0
(PID) Process:(2704) iexplore.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2670000A-7350-4F3C-8081-5663EE0C6C49}\iexplore
Operation:writeName:Type
Value:
4
(PID) Process:(2704) iexplore.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2670000A-7350-4F3C-8081-5663EE0C6C49}\iexplore
Operation:writeName:Count
Value:
3
(PID) Process:(2704) iexplore.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2670000A-7350-4F3C-8081-5663EE0C6C49}\iexplore
Operation:writeName:Time
Value:
E3070100040018000900170014007A03
Executable files
0
Suspicious files
0
Text files
29
Unknown types
3

Dropped files

PID
Process
Filename
Type
2704iexplore.exeC:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RB73MZ6Y\favicon[1].ico
MD5:
SHA256:
2704iexplore.exeC:\Users\admin\AppData\LocalLow\Microsoft\Internet Explorer\Services\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico
MD5:
SHA256:
3148iexplore.exeC:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\OCDM6JB6\Logon[1].aspx
MD5:
SHA256:
3148iexplore.exeC:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\PP6KS563\locations[1].pngimage
MD5:1B66B297C701B08F81A7A008507C0D2D
SHA256:FD30014CB2E87E146691806FCAA08025B9A1A3E86B49748020B8467B3F5DB8BB
3148iexplore.exeC:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\OCDM6JB6\rydership[1].pngimage
MD5:3BC61124B56D2DB7D03245E5E2015636
SHA256:3C1D6C1ACA1762CC19FB3A7B59837BD0A1C7FEB903719C6D7476B9A9D2FC0381
3148iexplore.exeC:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\OCDM6JB6\jquery-1.5.1.min[1].jstext
MD5:CFDFD16F60F1052C798932182429A13C
SHA256:5CBCF1327E260EB4A3B24E98049CB44A840B8AA883E97D82EF5707E461F031FD
3148iexplore.exeC:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\BWPPCY0O\Arsenal[1].csstext
MD5:49597BDC5EFDD77605F6162DE0BDB064
SHA256:49444BBEF6CCCFACF2D8E3AF98630E9ED4D29FE712081438B84893BC0ADC3906
2704iexplore.exeC:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RB73MZ6Y\favicon[3].pngimage
MD5:9FB559A691078558E77D6848202F6541
SHA256:6D8A01DC7647BC218D003B58FE04049E24A9359900B7E0CEBAE76EDF85B8B914
3148iexplore.exeC:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\BWPPCY0O\WebResource[2].axdtext
MD5:A870B45AC5D6B0D4E18C4829C7B660B4
SHA256:144524233F795D6A425B76F7AE5C0BB622B5F67E2E6AE73532AD526528CA07CF
3148iexplore.exeC:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\OCDM6JB6\lms[1].jstext
MD5:12E495D43B0BAF3C9617C6CDDC04B343
SHA256:A3708F13A53F4923E90CA5E67DD41572D596E3823EE5C45A2D5FF30B86058FC2
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
35
TCP/UDP connections
9
DNS requests
2
Threats
1

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
3148
iexplore.exe
GET
200
168.218.95.148:80
http://lms.ryder.com/LMS/Libraries/LegacyBrowserSupport/html5.js
US
html
2.37 Kb
malicious
3148
iexplore.exe
GET
302
168.218.95.148:80
http://lms.ryder.com/LMS//DesktopModules/RMS/LoadDetails.aspx?loadNo=fUiGeGggla%252cHr00PYLE.Zw%253d%253d
US
html
267 b
malicious
3148
iexplore.exe
GET
200
168.218.95.148:80
http://lms.ryder.com/LMS/DesktopModules/Portal/Logon.aspx?ReturnUrl=%2fLMS%2fDesktopModules%2fRMS%2fLoadDetails.aspx%3floadNo%3dfUiGeGggla%25252cHr00PYLE.Zw%25253d%25253d
US
html
12.5 Kb
malicious
2704
iexplore.exe
GET
200
204.79.197.200:80
http://www.bing.com/favicon.ico
US
image
237 b
whitelisted
3148
iexplore.exe
GET
200
168.218.95.148:80
http://lms.ryder.com/LMS/lms.js
US
text
1.19 Kb
malicious
3148
iexplore.exe
GET
200
168.218.95.148:80
http://lms.ryder.com/LMS/styles/Arsenal.css
US
text
6.84 Kb
malicious
3148
iexplore.exe
GET
200
168.218.95.148:80
http://lms.ryder.com/LMS/Libraries/LegacyBrowserSupport/es5-shim.js
US
text
13.1 Kb
malicious
3148
iexplore.exe
GET
200
168.218.95.148:80
http://lms.ryder.com/LMS/styles/Arsenal.New.css
US
text
4.01 Kb
malicious
3148
iexplore.exe
GET
200
168.218.95.148:80
http://lms.ryder.com/LMS/WebResource.axd?d=pynGkmcFUV13He1Qd6_TZLZ0fMdeWNRznLOLlL9kaZZ6PcHCTfnrTVZmE7EJDRdfahErOAjffAdImPuj8j8aAw2&t=636767463772892011
US
text
22.5 Kb
malicious
3148
iexplore.exe
GET
200
168.218.95.148:80
http://lms.ryder.com/LMS/WebResource.axd?d=JoBkLzP19aTuxbWOhHobYkaEddfcPOsv7RCaTVdHj1G2-XC0U2_cF8msi29VmvZAcsfaMzhPXTXkYjGmsTnNwA2&t=636767463772892011
US
text
2.93 Kb
malicious
3148
iexplore.exe
GET
200
168.218.95.148:80
http://lms.ryder.com/LMS/Scripts/Header.js
US
text
967 b
malicious
3148
iexplore.exe
GET
200
168.218.95.148:80
http://lms.ryder.com/LMS/images/Header/Toolbox/auditlink.png
US
image
1.45 Kb
malicious
3148
iexplore.exe
GET
200
168.218.95.148:80
http://lms.ryder.com/LMS/images/Header/Toolbox/fleetcare.png
US
image
1.34 Kb
malicious
3148
iexplore.exe
GET
200
168.218.95.148:80
http://lms.ryder.com/LMS/Scripts/jquery-1.5.1.min.js
US
text
83.4 Kb
malicious
3148
iexplore.exe
GET
200
168.218.95.148:80
http://lms.ryder.com/LMS/images/Header/Toolbox/locations.png
US
image
1.45 Kb
malicious
3148
iexplore.exe
GET
200
168.218.95.148:80
http://lms.ryder.com/LMS/images/Header/Toolbox/rydership.png
US
image
1.52 Kb
malicious
3148
iexplore.exe
GET
200
168.218.95.148:80
http://lms.ryder.com/LMS/images/Header/Toolbox/roadside.png
US
image
1.60 Kb
malicious
3148
iexplore.exe
GET
200
168.218.95.148:80
http://lms.ryder.com/LMS/images/Header/Toolbox/invoices.png
US
image
1.42 Kb
malicious
3148
iexplore.exe
GET
200
168.218.95.148:80
http://lms.ryder.com/LMS/images/Header/Toolbox/rydertrack.png
US
image
1.37 Kb
malicious
3148
iexplore.exe
GET
200
168.218.95.148:80
http://lms.ryder.com/LMS/images/Header/Toolbox/rydersmart.png
US
image
1.37 Kb
malicious
3148
iexplore.exe
GET
200
168.218.95.148:80
http://lms.ryder.com/LMS/images/Logos/Ryder_logo_123_29.png
US
image
3.33 Kb
malicious
3148
iexplore.exe
GET
200
168.218.95.148:80
http://lms.ryder.com/LMS/images/Header/Toolbox/tools-background.png
US
image
10.1 Kb
malicious
3148
iexplore.exe
GET
200
168.218.95.148:80
http://lms.ryder.com/LMS/styles/IE/PIE.htc
US
html
16.5 Kb
malicious
3148
iexplore.exe
GET
200
168.218.95.148:80
http://lms.ryder.com/LMS/images/Header/search-background.png
US
image
2.27 Kb
malicious
3148
iexplore.exe
GET
200
168.218.95.148:80
http://lms.ryder.com/LMS/images/Header/Toolbox/reports.png
US
image
1.30 Kb
malicious
3148
iexplore.exe
GET
200
168.218.95.148:80
http://lms.ryder.com/LMS/images/Header/search-box-background.png
US
image
1.12 Kb
malicious
3148
iexplore.exe
GET
200
168.218.95.148:80
http://lms.ryder.com/LMS/images/Header/Toolbox/webodometer.png
US
image
1.57 Kb
malicious
3148
iexplore.exe
GET
200
168.218.95.148:80
http://lms.ryder.com/LMS/images/ryder-footer-logo.png
US
image
2.19 Kb
malicious
2704
iexplore.exe
GET
302
168.218.95.148:80
http://lms.ryder.com/favicon.ico
US
html
159 b
malicious
2704
iexplore.exe
GET
404
168.218.95.148:80
http://lms.ryder.com/LMS/favicon.ico
US
html
1.22 Kb
malicious
3148
iexplore.exe
GET
200
168.218.95.148:80
http://lms.ryder.com/LMS/images/icon-sprites.png
US
image
52.4 Kb
malicious
3148
iexplore.exe
POST
200
168.218.95.148:80
http://lms.ryder.com/LMS/DesktopModules/Portal/Logon.aspx?ReturnUrl=%2fLMS%2fDesktopModules%2fRMS%2fLoadDetails.aspx%3floadNo%3dfUiGeGggla%25252cHr00PYLE.Zw%25253d%25253d
US
html
12.7 Kb
malicious
2704
iexplore.exe
GET
404
168.218.95.148:80
http://lms.ryder.com/LMS/favicon.ico
US
html
1.22 Kb
malicious
2704
iexplore.exe
GET
302
168.218.95.148:80
http://lms.ryder.com/favicon.ico
US
html
159 b
malicious
Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
2704
iexplore.exe
204.79.197.200:80
www.bing.com
Microsoft Corporation
US
whitelisted
2704
iexplore.exe
168.218.95.148:80
lms.ryder.com
MCI Communications Services, Inc. d/b/a Verizon Business
US
malicious
3148
iexplore.exe
168.218.95.148:80
lms.ryder.com
MCI Communications Services, Inc. d/b/a Verizon Business
US
malicious

DNS requests

Domain
IP
Reputation
www.bing.com
  • 204.79.197.200
  • 13.107.21.200
whitelisted
lms.ryder.com
  • 168.218.95.148
malicious

Threats

PID
Process
Class
Message
3148
iexplore.exe
A Network Trojan was detected
SC TROJAN_DOWNLOADER Suspicious request with 'invoice' in http uri
No debug info