URL: https://u1951574.ct.sendgrid.net/ls/click?upn=NduOCiJIF4hVwlmcIZzGg9hFW6m8bX9fzMMEFt-2BLN0PiEecouGUg7FD7EyaXgxNAZ8-2Fg-2BTlNX6iPS1XPjxs1N2Kn2HRqYh2GkpkblXnupSgw-2FEYe1qEAzw4dPT-2Fvbt4g4KhHQ4nibLot-2FM79fE8ivKLKiJEOtAJ70fpiOZOjMUKatvSWwaTqeYy7myDsPoxiUaf4LtYhdI6XM4JVpISd5w-3D-3D-QvB_rrFU-2B5x0xhh4Gtc9vDz-2BaiqX-2B1pzI9jEiw0r0zaY1yQATV2ASS7Bllu2lO14WyoNoIWmBQgXEHmLYQloMOlCzvoDfJouUsXClazKKNRxwvoljEQCJtxZ5a8d97kNvY8jO9euuGn4Pqd44z9cGW5BSgMxTUp-2FFcfiiwkbpQofMvBHz9C1ih4aGb4K-2FK4VVV801DV2Sfqb0yNAvV4sXSx3rw-3D-3D

Full analysis: https://app.any.run/tasks/24e4accc-21b4-497c-b1c3-650df36f4197
Verdict: Malicious activity
Analysis date: April 18, 2023, 19:59:57
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:
MD5: ED62D54635C32A7E47D61D8E099FBD39
SHA1: 78B605A18263A312EEF7CD8609E52EFB84EAB3FB
SHA256: 9D8253A7942625ADA458A36DAD33E0FA5478F1FDB95BC13F674059AF918264B9
SSDEEP: 12:2QSaAfe8jOqRX1TkRAB3+0w//2+OZbH3FmrxkO1:2Q3AJOqRX1023+0w//jOpVm

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    No malicious indicators.
  • SUSPICIOUS

    No suspicious indicators.
  • INFO

    • Create files in a temporary directory

      • iexplore.exe (PID: 3324)
    • Application launched itself

      • iexplore.exe (PID: 3324)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.
No data.
All screenshots are available in the full report
Total processes: 37
Monitored processes: 2
Malicious processes: 0
Suspicious processes: 0

Behavior graph

start -> iexplore.exe -> iexplore.exe

Process information

PID: 3324
CMD: "C:\Program Files\Internet Explorer\iexplore.exe" "https://u1951574.ct.sendgrid.net/ls/click?upn=NduOCiJIF4hVwlmcIZzGg9hFW6m8bX9fzMMEFt-2BLN0PiEecouGUg7FD7EyaXgxNAZ8-2Fg-2BTlNX6iPS1XPjxs1N2Kn2HRqYh2GkpkblXnupSgw-2FEYe1qEAzw4dPT-2Fvbt4g4KhHQ4nibLot-2FM79fE8ivKLKiJEOtAJ70fpiOZOjMUKatvSWwaTqeYy7myDsPoxiUaf4LtYhdI6XM4JVpISd5w-3D-3D-QvB_rrFU-2B5x0xhh4Gtc9vDz-2BaiqX-2B1pzI9jEiw0r0zaY1yQATV2ASS7Bllu2lO14WyoNoIWmBQgXEHmLYQloMOlCzvoDfJouUsXClazKKNRxwvoljEQCJtxZ5a8d97kNvY8jO9euuGn4Pqd44z9cGW5BSgMxTUp-2FFcfiiwkbpQofMvBHz9C1ih4aGb4K-2FK4VVV801DV2Sfqb0yNAvV4sXSx3rw-3D-3D"
Path: C:\Program Files\Internet Explorer\iexplore.exe
Parent process: explorer.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Internet Explorer
Exit code: 0
Version: 11.00.9600.16428 (winblue_gdr.131013-1700)
Modules (Images):
c:\program files\internet explorer\iexplore.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\iertutil.dll

PID: 3760
CMD: "C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:3324 CREDAT:267521 /prefetch:2
Path: C:\Program Files\Internet Explorer\iexplore.exe
Parent process: iexplore.exe
User: admin
Company: Microsoft Corporation
Integrity Level: LOW
Description: Internet Explorer
Exit code: 0
Version: 11.00.9600.16428 (winblue_gdr.131013-1700)
Modules (Images):
c:\program files\internet explorer\iexplore.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\api-ms-win-downlevel-version-l1-1-0.dll
Total events: 23 256
Read events: 23 098
Write events: 158
Delete events: 0

Modification events

(PID) Process: (3324) iexplore.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TabbedBrowsing
Operation: write
Name: NTPDaysSinceLastAutoMigration
Value: 0

(PID) Process: (3324) iexplore.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TabbedBrowsing
Operation: write
Name: NTPLastLaunchHighDateTime
Value: 30847387

(PID) Process: (3324) iexplore.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\UrlBlockManager
Operation: write
Name: NextCheckForUpdateHighDateTime
Value: 30847437

(PID) Process: (3324) iexplore.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies
Operation: write
Name: CachePrefix
Value: Cookie:

(PID) Process: (3324) iexplore.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History
Operation: write
Name: CachePrefix
Value: Visited:

(PID) Process: (3324) iexplore.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main
Operation: write
Name: CompatibilityFlags
Value: 0

(PID) Process: (3324) iexplore.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation: write
Name: ProxyBypass
Value: 1

(PID) Process: (3324) iexplore.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation: write
Name: IntranetName
Value: 1

(PID) Process: (3324) iexplore.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation: write
Name: UNCAsIntranet
Value: 1

(PID) Process: (3324) iexplore.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation: write
Name: AutoDetect
Value: 0
Executable files: 0
Suspicious files: 19
Text files: 0
Unknown types: 1

Dropped files

PID: 3760
Process: iexplore.exe
Filename: C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\57C8EDB95DF3F0AD4EE2DC2B8CFD4157
Type: compressed
MD5: F7DCB24540769805E5BB30D193944DCE
SHA256: 6B88C6AC55BBD6FEA0EBE5A760D1AD2CFCE251C59D0151A1400701CB927E36EA

PID: 3760
Process: iexplore.exe
Filename: C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\223DE96EE265046957A660ED7C9DD9E7_EFF9B9BA98DEAA773F261FA85A0B1771
Type: der
MD5: 50DF1AB9504EE68F6919390B0A3627AC
SHA256: ED5220CAA3361C20F493C0EE86D2DA6D2E0DA3F0BD0A3ECC11783E3174F27F4B

PID: 3760
Process: iexplore.exe
Filename: C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\0288E41F433FBDAD8A53C65DB73C96A0_211B6092C6472B0FB7471E71D677F23A
Type: binary
MD5: 0F0B75895D2BDDC125FEB06838FEB7A4
SHA256: C711CB276AC806ED8DCAD406019377618D9422C765C15640774B80397FE61E72

PID: 3760
Process: iexplore.exe
Filename: C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\370059E51230CB0D021308DE4D6CD4D2
Type: der
MD5: 5BF3EABDBD801F25508D2BA22EE4A151
SHA256: 684494B714A8C5AAAC6BED98CDE467C10209CDD05328FA17AB0D947B7C358E4D

PID: 3760
Process: iexplore.exe
Filename: C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\370059E51230CB0D021308DE4D6CD4D2
Type: binary
MD5: B98051BAB03CB2599488A0A7E4AC5022
SHA256: F8070DF9E5CDD36B58F9AA5D6FB96AC57C355E30ACE61105722E5C71034AD1F8

PID: 3760
Process: iexplore.exe
Filename: C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\57C8EDB95DF3F0AD4EE2DC2B8CFD4157
Type: binary
MD5: 605617102159D8C0D06410B916BCE04D
SHA256: 7580171D83B32B399790851F79184C7682ED0D34AFA52E8BE995A8E392A09BB2

PID: 3760
Process: iexplore.exe
Filename: C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\0288E41F433FBDAD8A53C65DB73C96A0_211B6092C6472B0FB7471E71D677F23A
Type: der
MD5: 6D0BA377E41BD833D8C2F1C6280DFB31
SHA256: F18799D9B3DEF038EA2390C78F0A8E198495A071D5AFF58CC435CB39715726E4

PID: 3760
Process: iexplore.exe
Filename: C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\223DE96EE265046957A660ED7C9DD9E7_EFF9B9BA98DEAA773F261FA85A0B1771
Type: binary
MD5: B27610B5EF3AC3DBFAF801093A400C49
SHA256: 4040E13C509341E1F07F1A0301F353EF96771F717DC01B9EC472E778E23BE163

PID: 3760
Process: iexplore.exe
Filename: C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\EB2C4AB8B68FFA4B7733A9139239A396_D76DB901EE986B889F30D8CC06229E2D
Type: binary
MD5: D285682F704E13A9D8E9E8D358228CC9
SHA256: 9EB8244C5A9DF4AC5D3F4F37D46CAB13AFAAA2E0DB978AB71F24524005D897C9

PID: 3760
Process: iexplore.exe
Filename: C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\EB2C4AB8B68FFA4B7733A9139239A396_D76DB901EE986B889F30D8CC06229E2D
Type: der
MD5: 516C676190B199738E272CA781E914C5
SHA256: E385AB3DCD3FC25A68438D9C4F0B3F890BF1A839831D5ADB63B7168A3896312F
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests: 6
TCP/UDP connections: 21
DNS requests: 17
Threats: 0

HTTP requests

PID: 3760
Process: iexplore.exe
Method: GET
IP: 172.64.155.188:80
URL: http://crl.usertrust.com/USERTrustRSACertificationAuthority.crl
CN: US
Reputation: whitelisted

PID: 3760
Process: iexplore.exe
Method: GET
HTTP Code: 200
IP: 192.124.249.22:80
URL: http://ocsp.godaddy.com//MEIwQDA%2BMDwwOjAJBgUrDgMCGgUABBQdI2%2BOBkuXH93foRUj4a7lAr4rGwQUOpqFBxBnKLbv9r0FQW4gwZTaD94CAQc%3D
CN: US
Type: der
Size: 1.69 Kb
Reputation: whitelisted

PID: 3760
Process: iexplore.exe
Method: GET
HTTP Code: 200
IP: 192.124.249.22:80
URL: http://ocsp.godaddy.com//MEQwQjBAMD4wPDAJBgUrDgMCGgUABBTkIInKBAzXkF0Qh0pel3lfHJ9GPAQU0sSw0pHUTBFxs2HLPaH%2B3ahq1OMCAxvnFQ%3D%3D
CN: US
Type: der
Size: 1.66 Kb
Reputation: whitelisted

PID: 3760
Process: iexplore.exe
Method: GET
HTTP Code: 200
IP: 104.18.32.68:80
URL: http://ocsp.sectigo.com/MFIwUDBOMEwwSjAJBgUrDgMCGgUABBRDC9IOTxN6GmyRjyTl2n4yTUczyAQUjYxexFStiuF36Zv5mwXhuAGNYeECEQDLxhFvZ0k7aYqJFEoHpPO5
CN: US
Type: der
Size: 472 b
Reputation: whitelisted

PID: 3760
Process: iexplore.exe
Method: GET
HTTP Code: 200
IP: 209.197.3.8:80
URL: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?785ec956f74bfb8e
CN: US
Type: compressed
Size: 4.70 Kb
Reputation: whitelisted

PID: 3760
Process: iexplore.exe
Method: GET
HTTP Code: 200
IP: 192.124.249.22:80
URL: http://ocsp.godaddy.com//MEowSDBGMEQwQjAJBgUrDgMCGgUABBS2CA1fbGt26xPkOKX4ZguoUjM0TgQUQMK9J47MNIMwojPX%2B2yz8LQsgM4CCQDrKvFP4%2Bo4ow%3D%3D
CN: US
Type: der
Size: 1.74 Kb
Reputation: whitelisted

Connections

IP: 52.45.163.217:443
Domain: web.healthdataexchange.com
ASN: AMAZON-AES
CN: US
Reputation: unknown

PID: 3760
Process: iexplore.exe
IP: 167.89.115.121:443
Domain: u1951574.ct.sendgrid.net
ASN: SENDGRID
CN: US
Reputation: suspicious

PID: 3760
Process: iexplore.exe
IP: 209.197.3.8:80
Domain: ctldl.windowsupdate.com
ASN: STACKPATH-CDN
CN: US
Reputation: whitelisted

PID: 3760
Process: iexplore.exe
IP: 192.124.249.22:80
Domain: ocsp.godaddy.com
ASN: SUCURI-SEC
CN: US
Reputation: suspicious

PID: 3760
Process: iexplore.exe
IP: 54.156.34.69:443
Domain: web.healthdataexchange.com
ASN: AMAZON-AES
CN: US
Reputation: unknown

IP: 104.18.32.68:80
Domain: ocsp.usertrust.com
ASN: CLOUDFLARENET
Reputation: suspicious

PID: 3324
Process: iexplore.exe
IP: 2.16.187.66:443
Domain: www.bing.com
ASN: Akamai International B.V.
CN: DE
Reputation: whitelisted

PID: 3324
Process: iexplore.exe
IP: 192.229.221.95:80
Domain: ocsp.digicert.com
ASN: EDGECAST
CN: US
Reputation: whitelisted

PID: 3760
Process: iexplore.exe
IP: 172.64.155.188:80
Domain: ocsp.usertrust.com
ASN: CLOUDFLARENET
CN: US
Reputation: suspicious

PID: 3760
Process: iexplore.exe
IP: 167.89.115.54:443
Domain: u1951574.ct.sendgrid.net
ASN: SENDGRID
CN: US
Reputation: suspicious

DNS requests

Domain: u1951574.ct.sendgrid.net
IP:
  • 167.89.115.121
  • 167.89.115.54
  • 167.89.123.122
  • 167.89.123.16
Reputation: malicious

Domain: ctldl.windowsupdate.com
IP:
  • 209.197.3.8
Reputation: whitelisted

Domain: ocsp.godaddy.com
IP:
  • 192.124.249.22
  • 192.124.249.24
  • 192.124.249.36
  • 192.124.249.41
  • 192.124.249.23
Reputation: whitelisted

Domain: web.healthdataexchange.com
IP:
  • 54.156.34.69
  • 52.45.163.217
Reputation: unknown

Domain: api.bing.com
IP:
  • 13.107.5.80
Reputation: whitelisted

Domain: www.bing.com
IP:
  • 2.16.187.66
  • 2.16.187.98
  • 2.16.187.137
  • 2.16.187.91
  • 2.16.187.145
  • 2.16.187.121
  • 2.16.187.97
  • 2.16.187.65
  • 2.16.187.67
Reputation: whitelisted

Domain: ocsp.usertrust.com
IP:
  • 104.18.32.68
  • 172.64.155.188
Reputation: whitelisted

Domain: ocsp.digicert.com
IP:
  • 192.229.221.95
Reputation: whitelisted

Domain: crl.usertrust.com
IP:
  • 172.64.155.188
  • 104.18.32.68
Reputation: whitelisted

Domain: crl3.digicert.com
IP:
  • 192.229.221.95
Reputation: whitelisted

Threats

No threats detected
No debug info