URL: http://www.opening-popular.top/cate-518501/
Full analysis: https://app.any.run/tasks/2562851a-0c9d-4b22-b096-51d0a1611834
Verdict: Malicious activity
Analysis date: January 11, 2019, 04:43:33
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:
MD5: 5ACF53D782545A286776219DA4D33A6D
SHA1: 89CDE584CDB6CFDB943C5E8F63E04C07017515B6
SHA256: A28C510696E2FB9F1EB95558428BFEE33A63FCC67DE69F25182469A6DB66DB91
SSDEEP: 3:N1KJS4TZ6MLRKVXtEQVTn:Cc4TZXQf5VT

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS: No malicious indicators.
  • SUSPICIOUS: No suspicious indicators.
  • INFO
    • Reads internet explorer settings: iexplore.exe (PID: 3096)
    • Application launched itself: iexplore.exe (PID: 2952)
    • Changes internet zones settings: iexplore.exe (PID: 2952)
    • Creates files in the user directory: iexplore.exe (PID: 3096), iexplore.exe (PID: 2952)
    • Reads Internet Cache Settings: iexplore.exe (PID: 3096), iexplore.exe (PID: 2952)
    • Reads settings of System Certificates: iexplore.exe (PID: 3096)
Find more information about signature artifacts and their mapping to the MITRE ATT&CK™ matrix in the full report.
No Malware configuration.
No data.
All screenshots are available in the full report
Total processes: 32
Monitored processes: 2
Malicious processes: 0
Suspicious processes: 0

Behavior graph

explorer.exe → iexplore.exe (PID 2952) → iexplore.exe (PID 3096)

Process information

PID: 2952
CMD: "C:\Program Files\Internet Explorer\iexplore.exe" -nohome
Path: C:\Program Files\Internet Explorer\iexplore.exe
Indicators:
Parent process: explorer.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Internet Explorer
Version: 8.00.7600.16385 (win7_rtm.090713-1255)

PID: 3096
CMD: "C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:2952 CREDAT:71937
Path: C:\Program Files\Internet Explorer\iexplore.exe
Indicators:
Parent process: iexplore.exe
User: admin
Company: Microsoft Corporation
Integrity Level: LOW
Description: Internet Explorer
Version: 8.00.7600.16385 (win7_rtm.090713-1255)

PID 3096 is the Protected Mode tab (content) process that IE8 on Windows 7 starts at LOW integrity; SCODEF:2952 names the MEDIUM-integrity frame process that created it. That is why the "Application launched itself" indicator fires for PID 2952 and why the cache and cookie files written by PID 3096 land under the Low\ directories listed below.
Total events: 443
Read events: 381
Write events: 0
Delete events: 0

Modification events

No data
Executable files: 0
Suspicious files: 0
Text files: 40
Unknown types: 3

Dropped files

PID 2952  iexplore.exe
  Filename: C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\R9ZEWH8D\favicon[1].ico
  Type:
  MD5:
  SHA256:

PID 2952  iexplore.exe
  Filename: C:\Users\admin\AppData\LocalLow\Microsoft\Internet Explorer\Services\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico
  Type:
  MD5:
  SHA256:

PID 3096  iexplore.exe
  Filename: C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\OCDM6JB6\cate-518501[1].txt
  Type:
  MD5:
  SHA256:

PID 3096  iexplore.exe
  Filename: C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][1].txt
  Type: text
  MD5: 35D495101C68344CB9DAAB229A6C1A6C
  SHA256: DB32490EFD31A66F7966D6D8FCB3BC78FAB117B407212921367C69504E7223FE

PID 3096  iexplore.exe
  Filename: C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\BWPPCY0O\st769754_1[1].jpg
  Type: image
  MD5: 94F2C51814DC13D4C8AD7705CB3B9F00
  SHA256: FDE68B61A5C707AA171804E62BC75A16CE350A8B1A7E431EF7013168C484D534

PID 3096  iexplore.exe
  Filename: C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\BWPPCY0O\search[1].png
  Type: image
  MD5: 37865647BDB7138D63FB2535BD80443A
  SHA256: 1878C92DE96A79813441E9693B0470BA661EA98AC16C1716614808A761DB1ACF

PID 3096  iexplore.exe
  Filename: C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\OCDM6JB6\st769758_1[1].jpg
  Type: image
  MD5: F2CFC2E2150EEB1F5B1447A56D54F520
  SHA256: B9D5E77DB1135D7AA4175CCBF1986F12161A2E402BA0307FDB9210A8CCC8C809

PID 3096  iexplore.exe
  Filename: C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\admin@opening-popular[1].txt
  Type: text
  MD5: 667F9F291E0F2797586726122918545D
  SHA256: 1CD6F662BAE5A180295670DE43BB1A1ABCA2F53120A4BC87EB4FFCC376E3E69D

PID 3096  iexplore.exe
  Filename: C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\U2ZG9DE0\logo[1].png
  Type: image
  MD5: 69709240C25BEC2EF0554AC6F31AC9EF
  SHA256: A3D796B6C94C78B97EE842037D2F5033F9E4BACC855B1A7F69C0867DFA348AC3

PID 3096  iexplore.exe
  Filename: C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\U2ZG9DE0\st1649941_1[1].jpg
  Type: image
  MD5: C2ACCA9F9EBA3BDA28D6F0E256962E81
  SHA256: 33602763574805EB82ABEDD9AD73CC7F70267404AC49AD8511B60A7323CAA159
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests: 17
TCP/UDP connections: 31
DNS requests: 6
Threats: 0

HTTP requests

PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation
3096 | iexplore.exe | GET | 200 | 104.24.103.209:80 | http://www.opening-popular.top/template/default/css/bootstrap.css | US | text | 23.3 Kb | suspicious
3096 | iexplore.exe | GET | 200 | 104.24.103.209:80 | http://www.opening-popular.top/template/default/js/js.js | US | text | 247 b | suspicious
2952 | iexplore.exe | GET | 200 | 204.79.197.200:80 | http://www.bing.com/favicon.ico | US | image | 237 b | whitelisted
3096 | iexplore.exe | GET | 200 | 104.24.103.209:80 | http://www.opening-popular.top/cate-518501/ | US | html | 5.52 Kb | suspicious
3096 | iexplore.exe | GET | 200 | 104.24.103.209:80 | http://www.opening-popular.top/template/default/css/style.css | US | text | 5.61 Kb | suspicious
3096 | iexplore.exe | GET | 200 | 104.24.103.209:80 | http://www.opening-popular.top/template/default/image/logo.png | US | image | 5.77 Kb | suspicious
3096 | iexplore.exe | GET | 200 | 104.24.103.209:80 | http://www.opening-popular.top/template/default/image/icon_pc_bl20.gif | US | image | 166 b | suspicious
3096 | iexplore.exe | GET | 200 | 104.24.103.209:80 | http://www.opening-popular.top/template/default/image/credit.jpg | US | image | 62.5 Kb | suspicious
3096 | iexplore.exe | GET | 200 | 104.24.103.209:80 | http://www.opening-popular.top/template/default/js/calendar.js | US | html | 1.44 Kb | suspicious
3096 | iexplore.exe | GET | 200 | 104.24.103.209:80 | http://www.opening-popular.top/template/default/image/search.png | US | image | 3.40 Kb | suspicious

Connections

PID | Process | IP | Domain | ASN | CN | Reputation
2952 | iexplore.exe | 204.79.197.200:80 | www.bing.com | Microsoft Corporation | US | whitelisted
3096 | iexplore.exe | 104.24.103.209:443 | www.opening-popular.top | Cloudflare Inc | US | shared
3096 | iexplore.exe | 104.24.103.209:80 | www.opening-popular.top | Cloudflare Inc | US | shared
2952 | iexplore.exe | 104.24.103.209:80 | www.opening-popular.top | Cloudflare Inc | US | shared
3096 | iexplore.exe | 120.201.249.106:443 | s19.cnzz.com | China Mobile communications corporation | CN | unknown
3096 | iexplore.exe | 203.119.129.115:443 | z8.cnzz.com | | CN | malicious
3096 | iexplore.exe | 198.11.132.221:443 | cnzz.mmstat.com | Alibaba (China) Technology Co., Ltd. | US | suspicious
3096 | iexplore.exe | 120.201.249.105:443 | s19.cnzz.com | China Mobile communications corporation | CN | unknown

DNS requests

Domain | IP | Reputation
www.bing.com | 204.79.197.200, 13.107.21.200 | whitelisted
www.opening-popular.top | 104.24.103.209, 104.24.102.209 | suspicious
s19.cnzz.com | 120.201.249.105, 120.201.249.106 | suspicious
c.cnzz.com | 120.201.249.106, 120.201.249.105 | whitelisted
z8.cnzz.com | 203.119.129.115 | whitelisted
cnzz.mmstat.com | 198.11.132.221 | whitelisted

Threats

PID | Process | Class | Message
| | Potentially Bad Traffic | ET DNS Query to a *.top domain - Likely Hostile
3096 | iexplore.exe | Potentially Bad Traffic | ET INFO HTTP Request to a *.top domain
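The two signature hits above are the only alerts in this report (the counters show zero malicious and zero suspicious processes), and both are TLD heuristics rather than payload matches: one fires on any DNS query for a name under .top, the other on any HTTP request to such a host. The block below is an added example, not ANY.RUN code and not the Emerging Threats rules themselves: a simplified reimplementation of those two checks, run over DNS and HTTP records constructed from the tables on this page. `HOSTILE_TLDS`, the `Alert` class and the tuple shapes of the records are assumptions of the example.

```python
"""Replay the two TLD checks from the report's Threats table over constructed
DNS and HTTP records.  Added example; not ANY.RUN code and not the actual ET
ruleset.  Every record below is constructed from domains, URLs and PIDs shown
in the report."""
from dataclasses import dataclass
from urllib.parse import urlsplit

# TLDs the two report signatures treat as likely hostile.  Assumption for this
# example: only .top, the TLD both ET alerts in the report name.
HOSTILE_TLDS = {"top"}


@dataclass(frozen=True)
class Alert:
    pid: int
    process: str
    klass: str
    message: str


# Constructed from the report's "DNS requests" and "Connections" tables.
DNS_LOG = [
    (2952, "iexplore.exe", "www.bing.com"),
    (3096, "iexplore.exe", "www.opening-popular.top"),
    (3096, "iexplore.exe", "s19.cnzz.com"),
    (3096, "iexplore.exe", "z8.cnzz.com"),
    (3096, "iexplore.exe", "WWW.OPENING-POPULAR.TOP."),  # same name as a resolver may log it
]

# Constructed from the report's "HTTP requests" table, plus one IP-literal URL
# to show that a bare IP carries no TLD and must not match.
HTTP_LOG = [
    (2952, "iexplore.exe", "GET", "http://www.bing.com/favicon.ico"),
    (3096, "iexplore.exe", "GET", "http://www.opening-popular.top/cate-518501/"),
    (3096, "iexplore.exe", "GET", "http://www.opening-popular.top/template/default/js/js.js"),
    (3096, "iexplore.exe", "GET", "http://104.24.103.209/template/default/css/style.css"),
]


def effective_tld(host: str) -> str:
    """Rightmost DNS label, lower-cased, trailing dot removed.

    Returns "" for IPv4 literals and single-label names so they never match.
    """
    host = host.strip().rstrip(".").lower()
    if "." not in host:
        return ""
    last = host.rsplit(".", 1)[-1]
    if last.isdigit():  # 104.24.103.209 -> last label is numeric, not a TLD
        return ""
    return last


def dns_alerts(records):
    """'ET DNS Query to a *.<tld> domain - Likely Hostile', one alert per (pid, process, tld)."""
    seen = {}
    for pid, proc, qname in records:
        tld = effective_tld(qname)
        if tld in HOSTILE_TLDS:
            seen.setdefault((pid, proc, tld), Alert(
                pid, proc, "Potentially Bad Traffic",
                f"ET DNS Query to a *.{tld} domain - Likely Hostile"))
    return list(seen.values())


def http_alerts(records):
    """'ET INFO HTTP Request to a *.<tld> domain', one alert per (pid, process, tld)."""
    seen = {}
    for pid, proc, method, url in records:
        tld = effective_tld(urlsplit(url).hostname or "")
        if tld in HOSTILE_TLDS:
            seen.setdefault((pid, proc, tld), Alert(
                pid, proc, "Potentially Bad Traffic",
                f"ET INFO HTTP Request to a *.{tld} domain"))
    return list(seen.values())


def threats_table(dns_records, http_records):
    """Rows in the shape of the report's Threats table: (pid, process, class, message)."""
    return [(a.pid, a.process, a.klass, a.message)
            for a in dns_alerts(dns_records) + http_alerts(http_records)]


if __name__ == "__main__":
    for row in threats_table(DNS_LOG, HTTP_LOG):
        print(" | ".join(str(c) for c in row))
```

The alerts are de-duplicated per (PID, process, TLD) so that the ten requests to www.opening-popular.top collapse into one row, which is how the report presents them. Note what the check does not do: it says nothing about the content served, so a .top host serving only CSS, JavaScript and images, as here, produces exactly the same two alerts as one serving an exploit kit; the verdict on this page therefore rests on TLD reputation alone.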
No debug info