analyze malware
  • Huge database of samples and IOCs
  • Custom VM setup
  • Unlimited submissions
  • Interactive approach
Sign up, it’s free
download:

index.html

Full analysis: https://app.any.run/tasks/45da121c-e9a2-4558-ba88-2e6299d1512c
Verdict: Malicious activity
Threats:

Trojans are a group of malicious programs distinguished by their ability to masquerade as benign software. Depending on their type, trojans possess a variety of capabilities, ranging from maintaining full remote control over the victim’s machine to stealing data and files, as well as dropping other malware. At the same time, the main functionality of each trojan family can differ significantly depending on its type. The most common trojan infection chain starts with a phishing email.

Malware Trends Tracker     >>>
Analysis date: August 26, 2019, 01:45:07
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Tags:
trojan
Indicators:
MIME: text/html
File info: HTML document, UTF-8 Unicode text, with very long lines, with CRLF, LF line terminators
MD5:

424103E92180223148897C51C0D4C3FB

SHA1:

38606AF7830BC7E106C64BFB299381E46C3F3BEB

SHA256:

A2A3490474130974CE8098B6A47692540B279273B83010461FAA0F4494051ECB

SSDEEP:

1536:bW+OCDbgjIxOTc+H043cQnZQgrBAe+hmlBzBml0a2TnYyNf+mrTvwTIh2SZ90n:K+OCDbgKO9t19nkIh2SZ90n

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

  • MALICIOUS

    No malicious indicators.

  • SUSPICIOUS

    • Executable content was dropped or overwritten

      • iexplore.exe (PID: 3460)
      • iexplore.exe (PID: 3528)

    • Executed via COM

      • FlashUtil32_26_0_0_131_ActiveX.exe (PID: 2996)

  • INFO

    • Application launched itself

      • iexplore.exe (PID: 3528)

    • Reads internet explorer settings

      • iexplore.exe (PID: 3460)
      • iexplore.exe (PID: 4012)

    • Changes internet zones settings

      • iexplore.exe (PID: 3528)

    • Reads Internet Cache Settings

      • iexplore.exe (PID: 3528)
      • iexplore.exe (PID: 3460)
      • iexplore.exe (PID: 4012)

    • Reads settings of System Certificates

      • iexplore.exe (PID: 4012)
      • iexplore.exe (PID: 3528)

    • Creates files in the user directory

      • iexplore.exe (PID: 4012)
      • iexplore.exe (PID: 3460)
      • FlashUtil32_26_0_0_131_ActiveX.exe (PID: 2996)

    • Changes settings of System certificates

      • iexplore.exe (PID: 3528)
      • iexplore.exe (PID: 4012)

    • Adds / modifies Windows certificates

      • iexplore.exe (PID: 4012)
      • iexplore.exe (PID: 3528)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.

TRiD

.htm/html | HyperText Markup Language with DOCTYPE (80.6)
.html | HyperText Markup Language (19.3)

EXIF

HTML

msvalidate01: 1D906E97E6D722AA14BC498B954E2040
Description: Personal Computer Fixes is a blog that helps users to find the solutions to any computer problem. No matter what you need fixed we have the answers. Whether its Driver Downloads, Driver Errors, Spyware or DLL Errors we cover it so you can fix your PC problem.
Title: Personal Computer Fixes - Information & Resources To Fix Common Computer Problems
viewport: width=device-width, initial-scale=1.0
No data.
screenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshot
All screenshots are available in the full report
All screenshots are available in the full report
Total processes
37
Monitored processes
4
Malicious processes
0
Suspicious processes
0

Behavior graph

Click at the process to see the details
start iexplore.exe iexplore.exe iexplore.exe flashutil32_26_0_0_131_activex.exe no specs

Process information

PID
CMD
Path
Indicators
Parent process
3528"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\admin\AppData\Local\Temp\index.htmlC:\Program Files\Internet Explorer\iexplore.exe
explorer.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Internet Explorer
Version:
8.00.7600.16385 (win7_rtm.090713-1255)
4012"C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:3528 CREDAT:79873C:\Program Files\Internet Explorer\iexplore.exe
iexplore.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Internet Explorer
Exit code:
0
Version:
8.00.7600.16385 (win7_rtm.090713-1255)
3460"C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:3528 CREDAT:203009C:\Program Files\Internet Explorer\iexplore.exe
iexplore.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Internet Explorer
Version:
8.00.7600.16385 (win7_rtm.090713-1255)
2996C:\Windows\system32\Macromed\Flash\FlashUtil32_26_0_0_131_ActiveX.exe -EmbeddingC:\Windows\system32\Macromed\Flash\FlashUtil32_26_0_0_131_ActiveX.exesvchost.exe
User:
admin
Company:
Adobe Systems Incorporated
Integrity Level:
MEDIUM
Description:
Adobe® Flash® Player Installer/Uninstaller 26.0 r0
Version:
26,0,0,131
Total events
1 274
Read events
1 042
Write events
0
Delete events
0

Modification events

No data
Executable files
2
Suspicious files
6
Text files
109
Unknown types
19

Dropped files

PID
Process
Filename
Type
3528iexplore.exeC:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LH043OAM\favicon[1].ico
MD5:
SHA256:
3528iexplore.exeC:\Users\admin\AppData\LocalLow\Microsoft\Internet Explorer\Services\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico
MD5:
SHA256:
3460iexplore.exeC:\Users\admin\AppData\Local\Temp\Low\CabDA09.tmp
MD5:
SHA256:
3460iexplore.exeC:\Users\admin\AppData\Local\Temp\Low\TarDA0A.tmp
MD5:
SHA256:
3460iexplore.exeC:\Users\admin\AppData\Local\Temp\Low\CabDA2A.tmp
MD5:
SHA256:
3460iexplore.exeC:\Users\admin\AppData\Local\Temp\Low\TarDA2B.tmp
MD5:
SHA256:
3460iexplore.exeC:\Users\admin\AppData\Local\Temp\Low\CabDAC8.tmp
MD5:
SHA256:
3460iexplore.exeC:\Users\admin\AppData\Local\Temp\Low\TarDAC9.tmp
MD5:
SHA256:
3528iexplore.exeC:\Users\admin\AppData\Local\Temp\StructuredQuery.logtext
MD5:D12BD35351F29DCEAC739E268FB5FE85
SHA256:A09814F88C40D211BD9229A9EB770EC341BB3558327FA51BAD94144114789AF3
3460iexplore.exeC:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\070E0202839D9D67350CD2613E78E416binary
MD5:14E74BE6A6ADC6FF2FE418DC0BFA2147
SHA256:D2729F48E5284C3E48ECFAEF87AF0BADC6FAD072E237A5F4204BA9F1FCCD1458
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
6
TCP/UDP connections
34
DNS requests
16
Threats
0

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
3460
iexplore.exe
GET
301
18.209.96.36:80
http://www.personalcomputerfixes.com/wp-content/uploads/2010/04/
US
html
368 b
malicious
3460
iexplore.exe
GET
301
52.86.225.45:80
http://personalcomputerfixes.com/wp-content/uploads/2010/04
US
html
363 b
whitelisted
3460
iexplore.exe
GET
200
93.184.221.240:80
http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab
US
compressed
56.6 Kb
whitelisted
3460
iexplore.exe
GET
301
52.86.225.45:80
http://personalcomputerfixes.com/wp-content/uploads/2010/04/xpsp2ocxfix.exe
US
html
379 b
whitelisted
3528
iexplore.exe
GET
200
204.79.197.200:80
http://www.bing.com/favicon.ico
US
image
237 b
whitelisted
3460
iexplore.exe
GET
200
13.35.254.34:80
http://x.ss2.us/x.cer
US
der
1.27 Kb
whitelisted
Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
3528
iexplore.exe
204.79.197.200:80
www.bing.com
Microsoft Corporation
US
whitelisted
3460
iexplore.exe
93.184.221.240:80
www.download.windowsupdate.com
MCI Communications Services, Inc. d/b/a Verizon Business
US
whitelisted
4
System
172.217.22.106:139
fonts.googleapis.com
Google Inc.
US
whitelisted
3460
iexplore.exe
18.209.96.36:443
personalcomputerfixes.com
US
unknown
4
System
172.217.22.106:445
fonts.googleapis.com
Google Inc.
US
whitelisted
3460
iexplore.exe
52.86.225.45:80
personalcomputerfixes.com
Amazon.com, Inc.
US
malicious
3460
iexplore.exe
13.35.254.34:80
x.ss2.us
US
suspicious
4012
iexplore.exe
18.209.96.36:443
personalcomputerfixes.com
US
unknown
3460
iexplore.exe
18.209.96.36:80
personalcomputerfixes.com
US
unknown
3460
iexplore.exe
172.217.22.106:443
fonts.googleapis.com
Google Inc.
US
whitelisted

DNS requests

Domain
IP
Reputation
fonts.googleapis.com
  • 172.217.22.106
whitelisted
www.bing.com
  • 204.79.197.200
  • 13.107.21.200
whitelisted
personalcomputerfixes.com
  • 52.86.225.45
  • 18.209.96.36
whitelisted
www.personalcomputerfixes.com
  • 18.209.96.36
  • 52.86.225.45
malicious
x.ss2.us
  • 13.35.254.34
  • 13.35.254.82
  • 13.35.254.54
  • 13.35.254.176
whitelisted
www.download.windowsupdate.com
  • 93.184.221.240
whitelisted
s7.addthis.com
  • 23.210.248.44
whitelisted
www.paypalobjects.com
  • 23.210.248.226
whitelisted
www.googletagservices.com
  • 172.217.21.194
whitelisted
fonts.gstatic.com
  • 172.217.18.99
whitelisted

Threats

PID
Process
Class
Message
3460
iexplore.exe
A Network Trojan was detected
ET TROJAN EXE Download Request To Wordpress Folder Likely Malicious
No debug info
Interactive malware hunting service ANY.RUN
© 2017-2024 ANY.RUN LLC. ALL RIGHTS RESERVED
ANY.RUN
Reports
index.html