URL: mavink.com

Full analysis: https://app.any.run/tasks/0f56ddc1-56b8-459d-836f-1e21518a3403
Verdict: Malicious activity
Analysis date: May 30, 2024, 07:12:07
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:
MD5: 76BCADD3228BA20D84A0FA4545B56770
SHA1: 66339FAB5D42BC60E7D8D4DC56E1EF68B834D8A8
SHA256: 9C521FC02F49A5142A16B0FA24FA50186BE595C09B32F075453ED416AB814F6F
SSDEEP: 3:5uOLKn:bK

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS: No malicious indicators.
  • SUSPICIOUS: No suspicious indicators.
  • INFO
    • Reads the computer name: wmpnscfg.exe (PID: 736)
    • Checks supported languages: wmpnscfg.exe (PID: 736)
    • Manual execution by a user: wmpnscfg.exe (PID: 736)
    • Application launched itself: iexplore.exe (PID: 3968)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.
No data.
All screenshots are available in the full report
Total processes: 35
Monitored processes: 3
Malicious processes: 0
Suspicious processes: 0

Behavior graph (process tree)

start: iexplore.exe (PID 3968) > iexplore.exe (PID 4024); wmpnscfg.exe (PID 736, no specs)

Process information

PID 3968: "C:\Program Files\Internet Explorer\iexplore.exe" "mavink.com"
  Path: C:\Program Files\Internet Explorer\iexplore.exe
  Parent process: explorer.exe
  User: admin
  Company: Microsoft Corporation
  Integrity Level: MEDIUM
  Description: Internet Explorer
  Version: 11.00.9600.16428 (winblue_gdr.131013-1700)
  Modules (images): c:\program files\internet explorer\iexplore.exe, c:\windows\system32\ntdll.dll, c:\windows\system32\kernel32.dll, c:\windows\system32\kernelbase.dll, c:\windows\system32\msvcrt.dll, c:\windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll, c:\windows\system32\advapi32.dll, c:\windows\system32\sechost.dll, c:\windows\system32\rpcrt4.dll, c:\windows\system32\iertutil.dll

PID 4024: "C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:3968 CREDAT:267521 /prefetch:2
  Path: C:\Program Files\Internet Explorer\iexplore.exe
  Parent process: iexplore.exe
  User: admin
  Company: Microsoft Corporation
  Integrity Level: LOW
  Description: Internet Explorer
  Version: 11.00.9600.16428 (winblue_gdr.131013-1700)
  Modules (images): c:\program files\internet explorer\iexplore.exe, c:\windows\system32\ntdll.dll, c:\windows\system32\kernel32.dll, c:\windows\system32\kernelbase.dll, c:\windows\system32\msvcrt.dll, c:\windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll, c:\windows\system32\advapi32.dll, c:\windows\system32\sechost.dll, c:\windows\system32\rpcrt4.dll, c:\windows\system32\iertutil.dll

PID 736: "C:\Program Files\Windows Media Player\wmpnscfg.exe"
  Path: C:\Program Files\Windows Media Player\wmpnscfg.exe
  Parent process: explorer.exe
  User: admin
  Company: Microsoft Corporation
  Integrity Level: MEDIUM
  Description: Windows Media Player Network Sharing Service Configuration Application
  Exit code: 0
  Version: 12.0.7600.16385 (win7_rtm.090713-1255)
  Modules (images): c:\program files\windows media player\wmpnscfg.exe, c:\windows\system32\ntdll.dll, c:\windows\system32\kernel32.dll, c:\windows\system32\kernelbase.dll, c:\windows\system32\msvcrt.dll, c:\windows\system32\advapi32.dll, c:\windows\system32\sechost.dll, c:\windows\system32\rpcrt4.dll
Total events: 31 589
Read events: 31 464
Write events: 91
Delete events: 34

Modification events

PID | Process | Operation | Key | Name | Value
3968 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TabbedBrowsing | NTPDaysSinceLastAutoMigration | 1
3968 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TabbedBrowsing | NTPLastLaunchLowDateTime |
3968 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TabbedBrowsing | NTPLastLaunchHighDateTime | 31109728
3968 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\UrlBlockManager | NextCheckForUpdateLowDateTime |
3968 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\UrlBlockManager | NextCheckForUpdateHighDateTime | 31109728
3968 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Content | CachePrefix |
3968 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies | CachePrefix | Cookie:
3968 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History | CachePrefix | Visited:
3968 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main | CompatibilityFlags | 0
3968 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap | ProxyBypass | 1
Executable files: 0
Suspicious files: 105
Text files: 133
Unknown types: 9

Dropped files

PID | Process | Filename | Type | MD5 | SHA256
4024 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\103621DE9CD5414CC2538780B4B75751 | binary | 822467B728B7A66B081C91795373789A | AF2343382B88335EEA72251AD84949E244FF54B6995063E24459A7216E9576B9
4024 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B2FAF7692FD9FFBD64EDE317E42334BA_89854CA6A0F0936A4D2ECA78845CEA25 | binary | C90575E0768C19282E379D5FBE679381 | 42B7E7D1856D7FE90C927D82950DA17F1414E7B9F1F5896BA29EDD192642C744
4024 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F22D4E3722903E1D14F38ED58D226A76 | der | 2BBFE94F2E5080FA09DB49D2FE07A0A3 | 5865FC128FF34DE9380211CC1B238CE09F35ADAA46F1AD9BBB505F5C39489DE7
4024 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\1B1495DD322A24490E2BF2FAABAE1C61 | binary | 5AE8478AF8DD6EEC7AD4EDF162DD3DF1 | FE42AC92EAE3B2850370B73C3691CCF394C23AB6133DE39F1697A6EBAC4BEDCA
4024 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\MFAQUS6V\EEV1P5TB.htm | html | 53255C488F8257B885A241CF553A7A04 | C048F98747C1C0DF656D7D30290059D6DAAAFCEFA810BDD2F913D7A8CD1B4BB2
4024 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\5IWPIAR9\HF_Y24_R07_W06_UK_UQ16100-5_Main_low-d7d54c2d[1].jpg | image | 0A438240F3344F6134E9F7D6428B2B65 | E2FB8624A4CC5326785F9D242F5C42F037C629AF50B7F4A09931ACDA6895C738
4024 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B2FAF7692FD9FFBD64EDE317E42334BA_89854CA6A0F0936A4D2ECA78845CEA25 | binary | D617D4042DCD93B7C3D5EE5BA8D75AAC | 4ED9C17CC3E59907A355BEAFDB5F30F5A04048D6AC09ADF1E6BB55268F0F11F4
4024 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA | binary | 51826F71D9F794E54231CC2BB55FD7EB | E5FFCBFFD0CAD8913F2D8074ADDC1B7E588BA4A1480017896DB194A2638A539F
4024 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\DY534W2X\aesthetic-pfp-anime-girl-Favim.com-6343757[1].htm | html | C3C4D4204B304EFEDC49AB44E72477A0 | 4E343B1BA6713E76D1F043589FDB312A624B15872136F08A695A8D9FE55CE0AA
4024 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\1B1495DD322A24490E2BF2FAABAE1C61 | binary | E380A2F3C4B57C14AE28ED24F7AAAB85 | D05B3814588583572B967F87B1CC7F5B50A643570A43BAD42B9C96EE833687F8
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests: 71
TCP/UDP connections: 276
DNS requests: 137
Threats: 0

HTTP requests

PID | Process | Method | HTTP Code | IP | URL | Reputation
4024 | iexplore.exe | GET | 304 | 2.19.126.137:80 | http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?3379305fd5c23223 | unknown
4024 | iexplore.exe | GET | 200 | 172.64.149.23:80 | http://ocsp.comodoca.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBRTtU9uFqgVGHhJwXZyWCNXmVR5ngQUoBEKIz6W8Qfs4q8p74Klf9AwpLQCEFZnHQTqT5lMbxCBR1nSdZQ%3D | unknown
4024 | iexplore.exe | GET | 307 | 165.227.252.231:80 | http://mavink.com/ | unknown
4024 | iexplore.exe | GET | 301 | 168.119.209.99:80 | http://p.favim.com/orig/2018/09/17/aesthetic-pfp-anime-girl-Favim.com-6343757.jpg | unknown
4024 | iexplore.exe | GET | 200 | 142.250.186.163:80 | http://ocsp.pki.goog/gsr1/MFEwTzBNMEswSTAJBgUrDgMCGgUABBS3V7W2nAf4FiMTjpDJKg6%2BMgGqMQQUYHtmGkUNl8qJUC99BM00qP%2F8%2FUsCEHe9DWzbNvka6iEPxPBY0w0%3D | unknown
4024 | iexplore.exe | GET | 200 | 104.18.38.233:80 | http://crt.sectigo.com/SectigoRSADomainValidationSecureServerCA.crt | unknown
4024 | iexplore.exe | GET | 200 | 2.16.202.121:80 | http://e1.o.lencr.org/MFMwUTBPME0wSzAJBgUrDgMCGgUABBTvkAFw3ViPKmUeIVEf3NC7b1ErqwQUWvPtK%2Fw2wjd5uVIw6lRvz1XLLqwCEgOd5QrBaYPGe9ox4l1n6%2F22Kw%3D%3D | unknown
4024 | iexplore.exe | GET | | 2.19.126.137:80 | http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab?15ad7339cf36b594 | unknown
4024 | iexplore.exe | GET | 200 | 2.23.197.184:80 | http://x2.c.lencr.org/ | unknown
4024 | iexplore.exe | GET | 200 | 2.23.197.184:80 | http://x1.c.lencr.org/ | unknown

Connections

PID | Process | IP | Domain | ASN | CN | Reputation
4 | System | 192.168.100.255:138 | | | | unknown
4 | System | 192.168.100.255:137 | | | | unknown
| | 224.0.0.252:5355 | | | | unknown
4024 | iexplore.exe | 165.227.252.231:80 | mavink.com | DIGITALOCEAN-ASN | US | unknown
4024 | iexplore.exe | 165.227.252.231:443 | mavink.com | DIGITALOCEAN-ASN | US | unknown
4024 | iexplore.exe | 2.19.126.137:80 | ctldl.windowsupdate.com | Akamai International B.V. | DE | unknown
4024 | iexplore.exe | 2.23.197.184:80 | x1.c.lencr.org | CW Vodafone Group PLC | GB | unknown
4024 | iexplore.exe | 2.16.202.121:80 | e1.o.lencr.org | Akamai International B.V. | NL | unknown
4024 | iexplore.exe | 172.67.7.204:443 | wallpaperaccess.com | CLOUDFLARENET | US | unknown
4024 | iexplore.exe | 192.0.77.2:443 | i0.wp.com | AUTOMATTIC | US | unknown

DNS requests

Domain | IP | Reputation
mavink.com | 165.227.252.231 | unknown
ctldl.windowsupdate.com | 2.19.126.137, 2.19.126.154 | unknown
x1.c.lencr.org | 2.23.197.184 | unknown
x2.c.lencr.org | 2.23.197.184 | unknown
e1.o.lencr.org | 2.16.202.121, 2.16.202.112 | unknown
i.pinimg.com | 2.18.64.20, 2.18.64.11 | unknown
wallpaperaccess.com | 172.67.7.204, 104.22.32.65, 104.22.33.65 | unknown
tgcboutique.com | 23.227.38.65 | unknown
i5.walmartimages.com | 2.23.197.240 | unknown
www.sevenevents.co.uk | 82.145.42.127 | unknown

Threats

No threats detected
No debug info