URL: mavink.com

Full analysis: https://app.any.run/tasks/0f56ddc1-56b8-459d-836f-1e21518a3403
Verdict: Malicious activity
Analysis date: May 30, 2024, 07:12:07
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:
MD5: 76BCADD3228BA20D84A0FA4545B56770
SHA1: 66339FAB5D42BC60E7D8D4DC56E1EF68B834D8A8
SHA256: 9C521FC02F49A5142A16B0FA24FA50186BE595C09B32F075453ED416AB814F6F
SSDEEP: 3:5uOLKn:bK

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    No malicious indicators.
  • SUSPICIOUS

    No suspicious indicators.
  • INFO

    • Application launched itself

      • iexplore.exe (PID: 3968)
    • Checks supported languages

      • wmpnscfg.exe (PID: 736)
    • Manual execution by a user

      • wmpnscfg.exe (PID: 736)
    • Reads the computer name

      • wmpnscfg.exe (PID: 736)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.
No data.
All screenshots are available in the full report
Total processes: 35
Monitored processes: 3
Malicious processes: 0
Suspicious processes: 0

Behavior graph (nodes): start, iexplore.exe, iexplore.exe, wmpnscfg.exe (no specs)

Process information

PID: 736
CMD: "C:\Program Files\Windows Media Player\wmpnscfg.exe"
Path: C:\Program Files\Windows Media Player\wmpnscfg.exe
Parent process: explorer.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Windows Media Player Network Sharing Service Configuration Application
Exit code: 0
Version: 12.0.7600.16385 (win7_rtm.090713-1255)
Modules
Images
c:\program files\windows media player\wmpnscfg.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
PID: 3968
CMD: "C:\Program Files\Internet Explorer\iexplore.exe" "mavink.com"
Path: C:\Program Files\Internet Explorer\iexplore.exe
Parent process: explorer.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Internet Explorer
Version: 11.00.9600.16428 (winblue_gdr.131013-1700)
Modules
Images
c:\program files\internet explorer\iexplore.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\iertutil.dll
PID: 4024
CMD: "C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:3968 CREDAT:267521 /prefetch:2
Path: C:\Program Files\Internet Explorer\iexplore.exe
Parent process: iexplore.exe
User: admin
Company: Microsoft Corporation
Integrity Level: LOW
Description: Internet Explorer
Version: 11.00.9600.16428 (winblue_gdr.131013-1700)
Modules
Images
c:\program files\internet explorer\iexplore.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\iertutil.dll
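The process tree above is where a URL submission is really judged. iexplore.exe 3968 is the MEDIUM-integrity frame process launched with the submitted URL; 4024, started with SCODEF:3968 at LOW integrity, is the Protected Mode tab process it spawned (this is the "Application launched itself" INFO item). wmpnscfg.exe is a user-launched Media Player helper with no relation to the browser. Note that the verdict line at the top says "Malicious activity" while every indicator section on this page is empty, so a practitioner wants a check of their own. The Python below is an added example, not ANY.RUN's code: it transcribes the three processes from the report, adds one constructed powershell.exe child that is not in the report, and flags the patterns that matter for an IE drive-by: a non-browser child of iexplore.exe, a tab process whose SCODEF does not name a frame process, and a tab process outside LOW integrity. The record layout and function names are this example's assumptions; the report gives parent image names rather than parent PIDs, so the checks key on images.

```python
import re

# Process records transcribed from the report's process table (PID, image, parent image,
# integrity level, command line). The report lists parent image names, not parent PIDs.
REPORT_PROCS = [
    {"pid": 736, "image": "wmpnscfg.exe", "parent_image": "explorer.exe", "integrity": "MEDIUM",
     "cmd": r'"C:\Program Files\Windows Media Player\wmpnscfg.exe"'},
    {"pid": 3968, "image": "iexplore.exe", "parent_image": "explorer.exe", "integrity": "MEDIUM",
     "cmd": r'"C:\Program Files\Internet Explorer\iexplore.exe" "mavink.com"'},
    {"pid": 4024, "image": "iexplore.exe", "parent_image": "iexplore.exe", "integrity": "LOW",
     "cmd": r'"C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:3968 CREDAT:267521 /prefetch:2'},
]

# Constructed record, NOT in the report: what a shell spawned out of the tab process looks like.
HYPOTHETICAL_CHILD = {"pid": 5000, "image": "powershell.exe", "parent_image": "iexplore.exe",
                      "integrity": "LOW", "cmd": r"powershell.exe -nop -w hidden -enc QQBBAEEA"}

# IE passes the PID of the frame (broker) process to every tab process it creates.
SCODEF = re.compile(r"\bSCODEF:(\d+)\b")


def check_ie_tree(procs):
    """Return (pid, reason) findings for an IE process tree; an empty list means it looks like plain IE."""
    by_pid = {p["pid"]: p for p in procs}
    findings = []
    for p in procs:
        if p["image"].lower() == "iexplore.exe":
            m = SCODEF.search(p["cmd"])
            if not m:
                continue  # frame process: MEDIUM integrity under explorer.exe is the normal case
            frame = by_pid.get(int(m.group(1)))
            if frame is None or frame["image"].lower() != "iexplore.exe" or SCODEF.search(frame["cmd"]):
                findings.append((p["pid"], "SCODEF does not name a live iexplore.exe frame process"))
            if p["parent_image"].lower() != "iexplore.exe":
                findings.append((p["pid"], "tab process not created by iexplore.exe"))
            if p["integrity"].upper() != "LOW":
                # Not malicious on its own: zones with Protected Mode disabled run tabs at MEDIUM.
                findings.append((p["pid"], "tab process not at LOW integrity (Protected Mode off for this zone?)"))
        elif p["parent_image"].lower() == "iexplore.exe":
            # The classic drive-by signal: the browser launched something that is not the browser.
            findings.append((p["pid"], f"browser spawned a non-browser child: {p['image']} ({p['cmd']})"))
    return findings


if __name__ == "__main__":
    print(check_ie_tree(REPORT_PROCS))                        # []
    print(check_ie_tree(REPORT_PROCS + [HYPOTHETICAL_CHILD]))  # one finding for PID 5000
```

On the three processes the report actually recorded the function returns nothing, which agrees with the empty MALICIOUS and SUSPICIOUS sections; the constructed fourth record is what would have had to appear for the "Malicious activity" verdict to be backed by the process tree. With a Sysmon or EDR feed, replace the parent-image comparison with ParentProcessId.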
Total events: 31 589
Read events: 31 464
Write events: 91
Delete events: 34

Modification events

PID/Process: (3968) iexplore.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TabbedBrowsing
Operation: write
Name: NTPDaysSinceLastAutoMigration
Value: 1

PID/Process: (3968) iexplore.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TabbedBrowsing
Operation: write
Name: NTPLastLaunchLowDateTime
Value:

PID/Process: (3968) iexplore.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TabbedBrowsing
Operation: write
Name: NTPLastLaunchHighDateTime
Value: 31109728

PID/Process: (3968) iexplore.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\UrlBlockManager
Operation: write
Name: NextCheckForUpdateLowDateTime
Value:

PID/Process: (3968) iexplore.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\UrlBlockManager
Operation: write
Name: NextCheckForUpdateHighDateTime
Value: 31109728

PID/Process: (3968) iexplore.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Content
Operation: write
Name: CachePrefix
Value:

PID/Process: (3968) iexplore.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies
Operation: write
Name: CachePrefix
Value: Cookie:

PID/Process: (3968) iexplore.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History
Operation: write
Name: CachePrefix
Value: Visited:

PID/Process: (3968) iexplore.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main
Operation: write
Name: CompatibilityFlags
Value: 0

PID/Process: (3968) iexplore.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation: write
Name: ProxyBypass
Value: 1
Executable files: 0
Suspicious files: 105
Text files: 133
Unknown types: 9

Dropped files

PID | Process | Filename | Type

4024 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\103621DE9CD5414CC2538780B4B75751 | binary
  MD5: 822467B728B7A66B081C91795373789A
  SHA256: AF2343382B88335EEA72251AD84949E244FF54B6995063E24459A7216E9576B9
4024 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\1B1495DD322A24490E2BF2FAABAE1C61 | binary
  MD5: E380A2F3C4B57C14AE28ED24F7AAAB85
  SHA256: D05B3814588583572B967F87B1CC7F5B50A643570A43BAD42B9C96EE833687F8
4024 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\103621DE9CD5414CC2538780B4B75751 | binary
  MD5: ACFDDED734D7EB22E7C6FDBF5531C334
  SHA256: F43567892F55CDF4F3F7AFEE86FF3F5F9FD4E8C578F864F76BD5367AE0137352
4024 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F22D4E3722903E1D14F38ED58D226A76 | der
  MD5: 2BBFE94F2E5080FA09DB49D2FE07A0A3
  SHA256: 5865FC128FF34DE9380211CC1B238CE09F35ADAA46F1AD9BBB505F5C39489DE7
4024 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\1B1495DD322A24490E2BF2FAABAE1C61 | binary
  MD5: 5AE8478AF8DD6EEC7AD4EDF162DD3DF1
  SHA256: FE42AC92EAE3B2850370B73C3691CCF394C23AB6133DE39F1697A6EBAC4BEDCA
4024 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\YTOWV792\user[1].png | image
  MD5: 585C4FF4E804D3F89FDD248DC632CF89
  SHA256: 12FFFB87BBEC75EA0CB30DA78C5DD561AFC157CBD24F8AC491CF184F3B576E05
4024 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B2FAF7692FD9FFBD64EDE317E42334BA_89854CA6A0F0936A4D2ECA78845CEA25 | binary
  MD5: C90575E0768C19282E379D5FBE679381
  SHA256: 42B7E7D1856D7FE90C927D82950DA17F1414E7B9F1F5896BA29EDD192642C744
4024 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\MFAQUS6V\folumelite[1].js | binary
  MD5: 56F97B93F885509C2A27DAB73C2AE2D2
  SHA256: 622978BBF9A4F59913D4B5ED3AE3BE6CDB10DAAD3ADF9D62A38C0C8585B7035F
4024 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\DY534W2X\aesthetic-pfp-anime-girl-Favim.com-6343757[1].htm | html
  MD5: C3C4D4204B304EFEDC49AB44E72477A0
  SHA256: 4E343B1BA6713E76D1F043589FDB312A624B15872136F08A695A8D9FE55CE0AA
4024 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\MFAQUS6V\EEV1P5TB.htm | html
  MD5: 53255C488F8257B885A241CF553A7A04
  SHA256: C048F98747C1C0DF656D7D30290059D6DAAAFCEFA810BDD2F913D7A8CD1B4BB2
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests: 71
TCP/UDP connections: 276
DNS requests: 137
Threats: 0

HTTP requests

PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation

4024 | iexplore.exe | GET | 307 | 165.227.252.231:80 | http://mavink.com/ | unknown | unknown
4024 | iexplore.exe | GET | 304 | 2.19.126.137:80 | http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?3379305fd5c23223 | unknown | unknown
4024 | iexplore.exe | GET | 200 | 2.23.197.184:80 | http://x1.c.lencr.org/ | unknown | unknown
4024 | iexplore.exe | GET | 200 | 2.23.197.184:80 | http://x2.c.lencr.org/ | unknown | unknown
4024 | iexplore.exe | GET | 200 | 2.16.202.121:80 | http://e1.o.lencr.org/MFMwUTBPME0wSzAJBgUrDgMCGgUABBTvkAFw3ViPKmUeIVEf3NC7b1ErqwQUWvPtK%2Fw2wjd5uVIw6lRvz1XLLqwCEgOd5QrBaYPGe9ox4l1n6%2F22Kw%3D%3D | unknown | unknown
4024 | iexplore.exe | GET | 301 | 168.119.209.99:80 | http://p.favim.com/orig/2018/09/17/aesthetic-pfp-anime-girl-Favim.com-6343757.jpg | unknown | unknown
4024 | iexplore.exe | GET | 200 | 2.19.126.137:80 | http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab?6678c8a3347a3077 | unknown | unknown
4024 | iexplore.exe | GET | 200 | 192.124.249.41:80 | http://ocsp.starfieldtech.com//MEIwQDA%2BMDwwOjAJBgUrDgMCGgUABBQUwPiEZQ6%2FsVZNPaFToNfxx8ZwqAQUfAwyH6fZMH%2FEfWijYqihzqsHWycCAQc%3D | unknown | unknown
4024 | iexplore.exe | GET | - | 2.19.126.137:80 | http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab?15ad7339cf36b594 | unknown | unknown
4024 | iexplore.exe | GET | 200 | 104.18.38.233:80 | http://crt.sectigo.com/SectigoRSADomainValidationSecureServerCA.crt | unknown | unknown
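Most of this HTTP table is not mavink.com at all. ctldl.windowsupdate.com is Windows fetching the root and disallowed certificate trust lists (authrootstl.cab, disallowedcertstl.cab), x1/x2.c.lencr.org and crt.sectigo.com are AIA fetches of issuer certificates, and e1.o.lencr.org and ocsp.starfieldtech.com are OCSP status checks; the CryptnetUrlCache files in the dropped-files list are the on-disk side of the same chain building. In an OCSP GET the base64 blob in the path is a DER-encoded OCSPRequest (RFC 6960) whose CertID names the hash algorithm, the issuer name and key hashes and the serial number being checked. Only the 307 from http://mavink.com/ (followed by the port 443 connection in the next table) and the p.favim.com image are driven by the submitted page. The Python below is an added example, not ANY.RUN's code: it transcribes the (status, URL) pairs from the table, separates chain-building noise from page-driven traffic, and decodes the two OCSP GETs with a minimal DER walker so the issuer key hash can be matched against known subjectKeyIdentifier values. The hostname patterns and the two SKI values (Let's Encrypt E1 and Starfield Root Certificate Authority - G2, copied from the published certificates) are this example's assumptions and should be re-checked against the real certificates before reuse.

```python
import base64
import re
from urllib.parse import unquote, urlsplit

# (HTTP status, URL) pairs transcribed from the report's HTTP request table for PID 4024.
REQUESTS = [
    (307, "http://mavink.com/"),
    (304, "http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?3379305fd5c23223"),
    (200, "http://x1.c.lencr.org/"),
    (200, "http://x2.c.lencr.org/"),
    (200, "http://e1.o.lencr.org/MFMwUTBPME0wSzAJBgUrDgMCGgUABBTvkAFw3ViPKmUeIVEf3NC7b1ErqwQUWvPtK%2Fw2wjd5uVIw6lRvz1XLLqwCEgOd5QrBaYPGe9ox4l1n6%2F22Kw%3D%3D"),
    (301, "http://p.favim.com/orig/2018/09/17/aesthetic-pfp-anime-girl-Favim.com-6343757.jpg"),
    (200, "http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab?6678c8a3347a3077"),
    (200, "http://ocsp.starfieldtech.com//MEIwQDA%2BMDwwOjAJBgUrDgMCGgUABBQUwPiEZQ6%2FsVZNPaFToNfxx8ZwqAQUfAwyH6fZMH%2FEfWijYqihzqsHWycCAQc%3D"),
    (200, "http://crt.sectigo.com/SectigoRSADomainValidationSecureServerCA.crt"),
]

# Hostname patterns for traffic CryptoAPI/IE generate on their own while building a chain.
# This list is an assumption of the example; extend it for the CAs you see in your own reports.
CHAIN_NOISE = [
    (re.compile(r"^ctldl\.windowsupdate\.com$"), "windows-ctl"),          # trust list cabs
    (re.compile(r"^x\d\.c\.lencr\.org$|^crt\.sectigo\.com$"), "aia"),   # issuer cert download
    (re.compile(r"^e\d\.o\.lencr\.org$|^ocsp\."), "ocsp"),              # revocation check
]

# subjectKeyIdentifier of issuers seen in this report, copied from the published certificates
# (assumption: verify against the real intermediates before relying on the mapping).
ISSUER_KEY_IDS = {
    "5af3ed2bfc36c23779b95230ea546fcf55cb2eac": "Let's Encrypt E1",
    "7c0c321fa7d9307fc47d68a362a8a1ceab075b27": "Starfield Root Certificate Authority - G2",
}
HASH_OIDS = {"1.3.14.3.2.26": "sha1", "2.16.840.1.101.3.4.2.1": "sha256"}


def read_tlv(buf, off):
    """Read one DER tag-length-value at buf[off:]; return (tag, value, offset after it)."""
    tag, length, off = buf[off], buf[off + 1], off + 2
    if length & 0x80:  # long form: low 7 bits give the number of length octets
        n = length & 0x7F
        length, off = int.from_bytes(buf[off:off + n], "big"), off + n
    return tag, buf[off:off + length], off + length


def decode_oid(body):
    """Decode the content octets of an OBJECT IDENTIFIER into dotted notation."""
    arcs, acc = [body[0] // 40, body[0] % 40], 0
    for b in body[1:]:
        acc = (acc << 7) | (b & 0x7F)
        if not b & 0x80:
            arcs.append(acc)
            acc = 0
    return ".".join(map(str, arcs))


def parse_ocsp_get(url):
    """Decode an RFC 6960 OCSP GET (URL-encoded base64 DER in the path) down to its CertID."""
    der = base64.b64decode(unquote(urlsplit(url).path.lstrip("/")))
    tag, ocsp_request, _ = read_tlv(der, 0)
    if tag != 0x30:
        raise ValueError("OCSPRequest is not a SEQUENCE")
    _, tbs, _ = read_tlv(ocsp_request, 0)            # TBSRequest
    off = 0
    while tbs[off] in (0xA0, 0xA1):                  # optional [0] version / [1] requestorName
        _, _, off = read_tlv(tbs, off)
    _, request_list, _ = read_tlv(tbs, off)          # SEQUENCE OF Request
    _, request, _ = read_tlv(request_list, 0)        # first Request only
    _, cert_id, _ = read_tlv(request, 0)             # CertID
    _, alg, off = read_tlv(cert_id, 0)               # AlgorithmIdentifier
    _, oid, _ = read_tlv(alg, 0)
    _, name_hash, off = read_tlv(cert_id, off)       # OCTET STRING issuerNameHash
    _, key_hash, off = read_tlv(cert_id, off)        # OCTET STRING issuerKeyHash
    _, serial, _ = read_tlv(cert_id, off)            # INTEGER serialNumber
    oid_str, key_hex = decode_oid(oid), key_hash.hex()
    return {"hash_alg": HASH_OIDS.get(oid_str, oid_str),
            "issuer_name_hash": name_hash.hex(), "issuer_key_hash": key_hex,
            "issuer": ISSUER_KEY_IDS.get(key_hex, "unknown"), "serial": serial.hex()}


def classify(url):
    """Label a request as chain-building noise or as traffic driven by the submitted page."""
    host = urlsplit(url).hostname or ""
    return next((label for pat, label in CHAIN_NOISE if pat.search(host)), "site")


def triage(requests):
    """Return (noise, site): noise entries carry the decoded CertID for OCSP requests."""
    noise, site = [], []
    for status, url in requests:
        label = classify(url)
        if label == "site":
            site.append((status, url))
        else:
            noise.append((label, url, parse_ocsp_get(url) if label == "ocsp" else None))
    return noise, site


if __name__ == "__main__":
    noise, site = triage(REQUESTS)
    for entry in noise:
        print(entry)
    print("page-driven:", site)
```

Run stand-alone, triage() puts seven entries in the noise list and leaves two page-driven requests. The e1.o.lencr.org request decodes to a SHA-1 CertID for an 18-byte serial under the Let's Encrypt E1 key, and the ocsp.starfieldtech.com request asks about serial 07 under the Starfield Root G2 key. None of this tells you anything about mavink.com; the point of the split is that the two page-driven URLs, the port 443 session to 165.227.252.231 and the third-party image hosts in the DNS table are the only things on this page left to examine.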

Connections

PID | Process | IP | Domain | ASN | CN | Reputation

4 | System | 192.168.100.255:138 | unknown
4 | System | 192.168.100.255:137 | whitelisted
- | - | 224.0.0.252:5355 | unknown
4024 | iexplore.exe | 165.227.252.231:80 | mavink.com | DIGITALOCEAN-ASN | US | unknown
4024 | iexplore.exe | 165.227.252.231:443 | mavink.com | DIGITALOCEAN-ASN | US | unknown
4024 | iexplore.exe | 2.19.126.137:80 | ctldl.windowsupdate.com | Akamai International B.V. | DE | unknown
4024 | iexplore.exe | 2.23.197.184:80 | x1.c.lencr.org | CW Vodafone Group PLC | GB | unknown
4024 | iexplore.exe | 2.16.202.121:80 | e1.o.lencr.org | Akamai International B.V. | NL | unknown
4024 | iexplore.exe | 172.67.7.204:443 | wallpaperaccess.com | CLOUDFLARENET | US | unknown
4024 | iexplore.exe | 192.0.77.2:443 | i0.wp.com | AUTOMATTIC | US | unknown

DNS requests

Domain
IP
Reputation
mavink.com
  • 165.227.252.231
unknown
ctldl.windowsupdate.com
  • 2.19.126.137
  • 2.19.126.154
whitelisted
x1.c.lencr.org
  • 2.23.197.184
whitelisted
x2.c.lencr.org
  • 2.23.197.184
whitelisted
e1.o.lencr.org
  • 2.16.202.121
  • 2.16.202.112
whitelisted
i.pinimg.com
  • 2.18.64.20
  • 2.18.64.11
whitelisted
wallpaperaccess.com
  • 172.67.7.204
  • 104.22.32.65
  • 104.22.33.65
unknown
tgcboutique.com
  • 23.227.38.65
unknown
i5.walmartimages.com
  • 2.23.197.240
unknown
www.sevenevents.co.uk
  • 82.145.42.127
unknown

Threats

No threats detected
No debug info