analyze malware
  • Huge database of samples and IOCs
  • Custom VM setup
  • Unlimited submissions
  • Interactive approach
Sign up, it’s free
URL:

http://www.bellsyscdn.com

Full analysis: https://app.any.run/tasks/e339ed68-2296-4ec7-bd3a-0c1fa26f5b4d
Verdict: Malicious activity
Threats:

Trojans are a group of malicious programs distinguished by their ability to masquerade as benign software. Depending on their type, trojans possess a variety of capabilities, ranging from maintaining full remote control over the victim’s machine to stealing data and files, as well as dropping other malware. At the same time, the main functionality of each trojan family can differ significantly depending on its type. The most common trojan infection chain starts with a phishing email.

Malware Trends Tracker     >>>
Analysis date: December 03, 2019, 01:25:24
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Tags:
trojan
sinkhole
Indicators:
MD5:

05B6F4E17B27D9263FBE927C118FD352

SHA1:

883E2187EE31E50893A3E36232C158E684F3C202

SHA256:

994260335F3C2453ED28F3AF7A501FAD3C57CCF18F10571855836E86ACED7B9B

SSDEEP:

3:N1KJS4gHy1n:Cc4gHy1

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

  • MALICIOUS

    No malicious indicators.

  • SUSPICIOUS

    No suspicious indicators.

  • INFO

    • Changes internet zones settings

      • iexplore.exe (PID: 2508)

    • Creates files in the user directory

      • iexplore.exe (PID: 3172)
      • iexplore.exe (PID: 2508)

    • Reads Internet Cache Settings

      • iexplore.exe (PID: 2508)
      • iexplore.exe (PID: 3172)

    • Application launched itself

      • iexplore.exe (PID: 2508)

    • Reads internet explorer settings

      • iexplore.exe (PID: 3172)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.
No data.
screenshotscreenshotscreenshot
All screenshots are available in the full report
All screenshots are available in the full report
Total processes
36
Monitored processes
2
Malicious processes
0
Suspicious processes
0

Behavior graph

Click at the process to see the details
start iexplore.exe iexplore.exe

Process information

PID
CMD
Path
Indicators
Parent process
2508"C:\Program Files\Internet Explorer\iexplore.exe" -nohomeC:\Program Files\Internet Explorer\iexplore.exe
explorer.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Internet Explorer
Version:
8.00.7600.16385 (win7_rtm.090713-1255)
3172"C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:2508 CREDAT:71937C:\Program Files\Internet Explorer\iexplore.exe
iexplore.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Internet Explorer
Version:
8.00.7600.16385 (win7_rtm.090713-1255)
Total events
352
Read events
291
Write events
0
Delete events
0

Modification events

No data
Executable files
0
Suspicious files
0
Text files
9
Unknown types
5

Dropped files

PID
Process
Filename
Type
2508iexplore.exeC:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LH043OAM\favicon[1].ico
MD5:
SHA256:
2508iexplore.exeC:\Users\admin\AppData\LocalLow\Microsoft\Internet Explorer\Services\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico
MD5:
SHA256:
3172iexplore.exeC:\Users\admin\AppData\Local\Microsoft\Windows\History\Low\History.IE5\MSHist012019120320191204\index.datdat
MD5:8A580EBB6A2FD2E6E4116EC2CA8DE257
SHA256:40852B64C02541AD13A61B4E36AAA9AF32AC353833BFC2D27F45F345F6C2BE6D
3172iexplore.exeC:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\index.datdat
MD5:3DE00FAA3E2D71B7D84FE6635F16C733
SHA256:C73BF7B29DC386BBBE66B38028225BD87CA713335B9975CF60F69B4D3F5B48E3
3172iexplore.exeC:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][1].txttext
MD5:7DA2D80A0FF44D58C9EC5D5A6AB27EAA
SHA256:6B8BE328E49C52442B58D034DBBE0B54EE3AE772F197C0F1D6A680E1F3614F13
3172iexplore.exeC:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\admin@bellsyscdn[1].txttext
MD5:E7BCA16B80B0935466EFF1D2D889BD76
SHA256:E461DD2FAE28CDAD744D38F13BD0D1B5B15EEB8B02CEEDBFDCE5CCE8EBA700AC
2508iexplore.exeC:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\admin@bellsyscdn[1].txttext
MD5:850AC9B548F02A9EA47EBA5537657A51
SHA256:D6282A4EC2D32240991A69404B3B4542D91DB0D1226B929796F59DD897366AC0
2508iexplore.exeC:\Users\admin\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012019120320191204\index.datdat
MD5:EDD2E4DFA7788015335576CD9F5B7CCB
SHA256:5043DC106DC7CCD80BEA3963B82B73E0D951C13EA3816C9B2F1F16C6AE24219A
2508iexplore.exeC:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][1].txttext
MD5:F76E2E19C3FD0A8760665E89E7574BE4
SHA256:C81501AF5ED5EE9AE57DDBBCA6B668BF3EC3A8720D145FC550F5FFADB70D8EC6
3172iexplore.exeC:\Users\admin\AppData\Local\Microsoft\Windows\History\Low\History.IE5\index.datdat
MD5:9663960E8AFED6EEB705D44D43A1A317
SHA256:688B3A60FE4CD94EB3EA84001430A0269AD24A7B4B395AD1FFAA67A1AA0F5821
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
3
TCP/UDP connections
3
DNS requests
2
Threats
0

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
3172
iexplore.exe
GET
200
72.5.161.14:80
http://www.bellsyscdn.com/
US
binary
20 b
malicious
2508
iexplore.exe
GET
200
72.5.161.14:80
http://www.bellsyscdn.com/favicon.ico
US
binary
20 b
malicious
2508
iexplore.exe
GET
200
204.79.197.200:80
http://www.bing.com/favicon.ico
US
image
237 b
whitelisted
Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
2508
iexplore.exe
204.79.197.200:80
www.bing.com
Microsoft Corporation
US
whitelisted
3172
iexplore.exe
72.5.161.14:80
www.bellsyscdn.com
Voxel Dot Net, Inc.
US
malicious
2508
iexplore.exe
72.5.161.14:80
www.bellsyscdn.com
Voxel Dot Net, Inc.
US
malicious

DNS requests

Domain
IP
Reputation
www.bing.com
  • 204.79.197.200
  • 13.107.21.200
whitelisted
www.bellsyscdn.com
  • 72.5.161.14
malicious

Threats

PID
Process
Class
Message
3172
iexplore.exe
A Network Trojan was detected
ET TROJAN Possible Compromised Host AnubisNetworks Sinkhole Cookie Value Snkz
3172
iexplore.exe
Exploitation attributes have been detected
SINKHOLE [PTsecurity] snkz HTTP cookie set
2508
iexplore.exe
A Network Trojan was detected
ET TROJAN Possible Compromised Host AnubisNetworks Sinkhole Cookie Value Snkz
2508
iexplore.exe
Exploitation attributes have been detected
SINKHOLE [PTsecurity] snkz HTTP cookie set
No debug info
Interactive malware hunting service ANY.RUN
© 2017-2024 ANY.RUN LLC. ALL RIGHTS RESERVED
ANY.RUN
Reports
http://www.bellsyscdn.com