URL: http://seemesex.world
Full analysis: https://app.any.run/tasks/853ddcd9-184f-4e16-9c1f-16108459456d
Verdict: Malicious activity
Analysis date: May 30, 2020, 16:27:34
OS: Windows 10 Professional (build: 16299, 64 bit)
Indicators:
MD5: 3451C5CCAC21B0F1A09D6C59CADDD504
SHA1: 0BC6234D36BC005358BA6C8385716E381722EC24
SHA256: A00BB74C9EDC1DC54DEE348975C5AA1E6C3734864CA39D6DC3CD5825EDC1DB5F
SSDEEP: 3:N1KNAAIA88:CSAC8

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    No malicious indicators.
  • SUSPICIOUS

    No suspicious indicators.
  • INFO

    • Reads the machine GUID from the registry

      • IEXPLORE.EXE (PID: 3376)
      • iexplore.exe (PID: 444)
    • Changes internet zones settings

      • iexplore.exe (PID: 444)
    • Reads internet explorer settings

      • IEXPLORE.EXE (PID: 3376)
No Malware configuration.
No data.
All screenshots are available in the full report
Total processes: 85
Monitored processes: 2
Malicious processes: 0
Suspicious processes: 0

Behavior graph

start -> iexplore.exe (no specs) -> iexplore.exe

Process information

PID: 444
CMD: "C:\Program Files\internet explorer\iexplore.exe" "http://seemesex.world"
Path: C:\Program Files\internet explorer\iexplore.exe
Parent process: explorer.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Internet Explorer
Version: 11.00.16299.15 (WinBuild.160101.0800)

PID: 3376
CMD: "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:444 CREDAT:9474 /prefetch:2
Path: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
Parent process: iexplore.exe
User: admin
Company: Microsoft Corporation
Integrity Level: LOW
Description: Internet Explorer
Version: 11.00.16299.15 (WinBuild.160101.0800)
Total events: 540
Read events: 497
Write events: 0
Delete events: 0

Modification events

No data
Executable files: 0
Suspicious files: 0
Text files: 8
Unknown types: 0

Dropped files

PID 3376, IEXPLORE.EXE
Filename: C:\Users\admin\AppData\Local\Microsoft\Windows\INetCache\Low\IE\5UIG5DSE\down[1]
Type: image
MD5: C4F558C4C8B56858F15C09037CD6625A
SHA256: 39E7DE847C9F731EAA72338AD9053217B957859DE27B50B6474EC42971530781

PID 3376, IEXPLORE.EXE
Filename: C:\Users\admin\AppData\Local\Microsoft\Windows\INetCache\Low\IE\FZ4P8RAN\info_48[1]
Type: image
MD5: 5565250FCC163AA3A79F0B746416CE69
SHA256: 51129C6C98A82EA491F89857C31146ECEC14C4AF184517450A7A20C699C84859

PID 3376, IEXPLORE.EXE
Filename: C:\Users\admin\AppData\Local\Microsoft\Windows\INetCache\Low\IE\LD57I5PR\http_404[1]
Type: html
MD5: F65C729DC2D457B7A1093813F1253192
SHA256: B82BFB6FA37FD5D56AC7C00536F150C0F244C81F1FC2D4FEFBBDC5E175C71B4F

PID 3376, IEXPLORE.EXE
Filename: C:\Users\admin\AppData\Local\Microsoft\Windows\INetCache\Low\IE\2I6MPL32\bullet[1]
Type: image
MD5: 26F971D87CA00E23BD2D064524AEF838
SHA256: 1D8E5FD3C1FD384C0A7507E7283C7FE8F65015E521B84569132A7EABEDC9D41D

PID 3376, IEXPLORE.EXE
Filename: C:\Users\admin\AppData\Local\Microsoft\Windows\INetCache\Low\IE\FZ4P8RAN\ErrorPageTemplate[1]
Type: text
MD5: F4FE1CB77E758E1BA56B8A8EC20417C5
SHA256: 8D018639281B33DA8EB3CE0B21D11E1D414E59024C3689F92BE8904EB5779B5F

PID 3376, IEXPLORE.EXE
Filename: C:\Users\admin\AppData\Local\Microsoft\Windows\INetCache\Low\IE\2I6MPL32\errorPageStrings[1]
Type: text
MD5: D65EC06F21C379C87040B83CC1ABAC6B
SHA256: A1270E90CEA31B46432EC44731BF4400D22B38EB2855326BF934FE8F1B169A4F

PID 3376, IEXPLORE.EXE
Filename: C:\Users\admin\AppData\Local\Microsoft\Windows\INetCache\Low\IE\LD57I5PR\httpErrorPagesScripts[1]
Type: text
MD5: 9234071287E637F85D721463C488704C
SHA256: 65CC039890C7CEB927CE40F6F199D74E49B8058C3F8A6E22E8F916AD90EA8649

PID 3376, IEXPLORE.EXE
Filename: C:\Users\admin\AppData\Local\Microsoft\Windows\INetCache\Low\IE\LD57I5PR\background_gradient[1]
Type: image
MD5: 20F0110ED5E4E0D5384A496E4880139B
SHA256: 1471693BE91E53C2640FE7BAEECBC624530B088444222D93F2815DFCE1865D5B
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests: 3
TCP/UDP connections: 6
DNS requests: 2
Threats: 0

HTTP requests

PID: 3376
Process: IEXPLORE.EXE
Method: GET
HTTP Code: 404
IP: 64.227.107.133:80
URL: http://64.227.107.133/J21FL/5382.asp?pashalik=Myelin
CN: US
Reputation: suspicious

PID: 3376
Process: IEXPLORE.EXE
Method: GET
HTTP Code: 302
IP: 148.251.72.21:80
URL: http://seemesex.world/
CN: DE
Reputation: malicious

PID: 3376
Process: IEXPLORE.EXE
Method: GET
HTTP Code: 302
IP: 94.130.90.228:80
URL: http://atztds547.xyz/xn94r2398us2938u4s
CN: DE
Reputation: suspicious

Connections

IP: 148.251.72.21:80
Domain: seemesex.world
ASN: Hetzner Online GmbH
CN: DE
Reputation: suspicious

PID: 3376
Process: IEXPLORE.EXE
IP: 64.227.107.133:80
ASN: Peer 1 Network (USA) Inc.
CN: US
Reputation: suspicious

IP: 94.130.90.228:80
Domain: atztds547.xyz
ASN: Hetzner Online GmbH
CN: DE
Reputation: malicious

DNS requests

Domain: seemesex.world
IP: 148.251.72.21
Reputation: malicious

Domain: atztds547.xyz
IP: 94.130.90.228
Reputation: suspicious

Threats

Class: Potentially Bad Traffic
Message: ET INFO Observed DNS Query to .world TLD

PID: 3376
Process: IEXPLORE.EXE
Class: Potentially Bad Traffic
Message: ET INFO HTTP Request to Suspicious *.world Domain

PID: 3376
Process: IEXPLORE.EXE
Class: Potentially Bad Traffic
Message: AV INFO HTTP Request to a *.xyz domain
No debug info