URL: https://www.redgifs.com/
Full analysis: https://app.any.run/tasks/720abff6-240c-4b41-a498-853f25486d03
Verdict: Malicious activity
Analysis date: April 07, 2021, 10:45:01
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:
MD5: 573EC66DBF19A31F0300D017721EFF8F
SHA1: F31D8ADD1FA6C8648C5734541B661297959B863A
SHA256: A3073DCC45BD0BA11E76EE78894A36AF1882BA5255ECB83F9551388DE09E3890
SSDEEP: 3:N8DSLQJKn:2OLQE

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS
    No malicious indicators.
  • SUSPICIOUS
    No suspicious indicators.
  • INFO
    • Application launched itself: iexplore.exe (PID: 2416)
    • Reads internet explorer settings: iexplore.exe (PID: 2424)
    • Dropped object may contain Bitcoin addresses: iexplore.exe (PID: 2424)
    • Changes internet zones settings: iexplore.exe (PID: 2416)
    • Reads settings of System Certificates: iexplore.exe (PID: 2416)
    • Changes settings of System certificates: iexplore.exe (PID: 2416)
    • Creates files in the user directory: iexplore.exe (PID: 2424), iexplore.exe (PID: 2416)
    • Adds / modifies Windows certificates: iexplore.exe (PID: 2416)
No Malware configuration.
No data.
All screenshots are available in the full report
Total processes: 39
Monitored processes: 2
Malicious processes: 0
Suspicious processes: 0

Behavior graph

start → iexplore.exe (PID 2416) → iexplore.exe (PID 2424)

Process information

PID: 2416
CMD: "C:\Program Files\Internet Explorer\iexplore.exe" "https://www.redgifs.com/"
Path: C:\Program Files\Internet Explorer\iexplore.exe
Parent process: explorer.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Internet Explorer
Exit code: 0
Version: 11.00.9600.16428 (winblue_gdr.131013-1700)
Modules (images):
  c:\program files\internet explorer\iexplore.exe
  c:\systemroot\system32\ntdll.dll
  c:\windows\system32\kernel32.dll
  c:\windows\system32\kernelbase.dll
  c:\windows\system32\msvcrt.dll
  c:\windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
  c:\windows\system32\advapi32.dll
  c:\windows\system32\sechost.dll
  c:\windows\system32\rpcrt4.dll
  c:\windows\system32\iertutil.dll

PID: 2424
CMD: "C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:2416 CREDAT:267521 /prefetch:2
Path: C:\Program Files\Internet Explorer\iexplore.exe
Parent process: iexplore.exe (PID 2416)
User: admin
Company: Microsoft Corporation
Integrity Level: LOW
Description: Internet Explorer
Exit code: 0
Version: 11.00.9600.16428 (winblue_gdr.131013-1700)
Modules (images):
  c:\program files\internet explorer\iexplore.exe
  c:\systemroot\system32\ntdll.dll
  c:\windows\system32\kernel32.dll
  c:\windows\system32\kernelbase.dll
  c:\windows\system32\msvcrt.dll
  c:\windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
  c:\windows\system32\advapi32.dll
  c:\windows\system32\sechost.dll
  c:\windows\system32\rpcrt4.dll
  c:\windows\system32\iertutil.dll
Total events: 333
Read events: 257
Write events: 75
Delete events: 1

Modification events

(PID) Process | Operation | Key | Name | Value
(2416) iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\UrlBlockManager | NextCheckForUpdateLowDateTime | 730788276
(2416) iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\UrlBlockManager | NextCheckForUpdateHighDateTime | 30878619
(2416) iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Content | CachePrefix | (empty)
(2416) iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies | CachePrefix | Cookie:
(2416) iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History | CachePrefix | Visited:
(2416) iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main | CompatibilityFlags | 0
(2416) iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyEnable | 0
(2416) iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections | SavedLegacySettings | (not shown)
(2416) iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap | UNCAsIntranet | 0
(2416) iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap | AutoDetect | 1
Executable files: 0
Suspicious files: 45
Text files: 24
Unknown types: 22

Dropped files

PID | Process | Filename | Type
2424 | iexplore.exe | C:\Users\admin\AppData\Local\Temp\Low\Cab9D3A.tmp | (not shown)
    MD5: (not shown)  SHA256: (not shown)
2424 | iexplore.exe | C:\Users\admin\AppData\Local\Temp\Low\Tar9D3B.tmp | (not shown)
    MD5: (not shown)  SHA256: (not shown)
2424 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\DY534W2X\app.3fbe5141f8378e172dbf[1].css | text
    MD5: 2A9DCC29B6AD72CC1017CC47288217C7  SHA256: F65DDAA2C4014C569D6B142442BB713D53956B504A8C5A1BB81B2798712A2D22
2424 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\6BADA8974A10C4BD62CC921D13E43B18_28DEA62A0AE77228DD387E155AD0BA27 | der
    MD5: DA58B2DCFF41E248EC0DB690C33DEB13  SHA256: 6AF365C197A9BA15B5574A46AE75A3B1BA258C72DBAD3CA45D3F9F8E98F18DF4
2424 | iexplore.exe | C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\PEGHNP8X.txt | text
    MD5: DBE8EDDD29FF60CFDF6BE7284542C130  SHA256: D582C8BE5D6477605AFC2535ACFC133910AE3DD64C87C321CEC74B454AD74A8E
2424 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B2FAF7692FD9FFBD64EDE317E42334BA_D7393C8F62BDE4D4CB606228BC7A711E | der
    MD5: 0687C8CC5F4E80212FEF00F8ED924712  SHA256: F718AC2E22EBF5DD0D172545AFFEFB6E64348A7323BD6B7090020D3A54B4BCAA
2424 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\CFE86DBBE02D859DC92F1E17E0574EE8_46766FC45507C0B9E264E4C18BC7288B | der
    MD5: 4F914D6A12B48374677859978D3DEF97  SHA256: EB9AC8C88C0857B9588076073491EEC79F4725AA32BC7AF00C20EF31095D1D68
2424 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\07CEF2F654E3ED6050FFC9B6EB844250_3431D4C539FB2CFCB781821E9902850D | der
    MD5: 3924FBD2F02E06C9251D7407EBEB183A  SHA256: 265D776BED4EDBF4695276B5AD3BB4AD85600E6374BB545DAE1F584D845E62B9
2424 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\CC197601BE0898B7B0FCC91FA15D8A69_B70F607E5E7705C134FDC732B9270922 | binary
    MD5: 1108E45146C74DA85FFD2D8D2036221C  SHA256: 86B83678BD2258AF16239AE8EF7E69164900824ABEDF291BE2234651AED7841A
2424 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\CFE86DBBE02D859DC92F1E17E0574EE8_46766FC45507C0B9E264E4C18BC7288B | binary
    MD5: E3E36F7897A3494ADE77B3A6BD7A96F9  SHA256: 0FFE36A25834031636A9F48DE68B4960B9FE06ADFBF9529F25E2FF2BF33AF0CA
HTTP(S) requests: 16
TCP/UDP connections: 47
DNS requests: 16
Threats: 0

HTTP requests

PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation
2424 | iexplore.exe | GET | 200 | 216.58.212.163:80 | http://ocsp.pki.goog/gsr2/ME4wTDBKMEgwRjAJBgUrDgMCGgUABBTgXIsxbvr2lBkPpoIEVRE6gHlCnAQUm%2BIHV2ccHsBqBt5ZtJot39wZhi4CDQHjtJqhjYqpgSVpULg%3D | US | der | 468 b | whitelisted
2424 | iexplore.exe | GET | 200 | 151.139.128.14:80 | http://ocsp.comodoca.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBRTtU9uFqgVGHhJwXZyWCNXmVR5ngQUoBEKIz6W8Qfs4q8p74Klf9AwpLQCEDlyRDr5IrdR19NsEN0xNZU%3D | US | der | 471 b | whitelisted
2424 | iexplore.exe | GET | 200 | 151.139.128.14:80 | http://ocsp.comodoca.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBRTtU9uFqgVGHhJwXZyWCNXmVR5ngQUoBEKIz6W8Qfs4q8p74Klf9AwpLQCEDlyRDr5IrdR19NsEN0xNZU%3D | US | der | 471 b | whitelisted
2424 | iexplore.exe | GET | 200 | 151.139.128.14:80 | http://ocsp.usertrust.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTNMNJMNDqCqx8FcBWK16EHdimS6QQUU3m%2FWqorSs9UgOHYm8Cd8rIDZssCEH1bUSa0droR23QWC7xTDac%3D | US | der | 727 b | whitelisted
2424 | iexplore.exe | GET | 200 | 151.139.128.14:80 | http://ocsp.usertrust.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTNMNJMNDqCqx8FcBWK16EHdimS6QQUU3m%2FWqorSs9UgOHYm8Cd8rIDZssCEH1bUSa0droR23QWC7xTDac%3D | US | der | 727 b | whitelisted
2424 | iexplore.exe | GET | 200 | 216.58.212.163:80 | http://ocsp.pki.goog/gts1o1core/MFEwTzBNMEswSTAJBgUrDgMCGgUABBRCRjDCJxnb3nDwj%2Fxz5aZfZjgXvAQUmNH4bhDrz5vsYJ8YkBug630J%2FSsCECoWm2VW%2FUZXBQAAAACHo2g%3D | US | der | 471 b | whitelisted
2424 | iexplore.exe | GET | 200 | 216.58.212.163:80 | http://ocsp.pki.goog/gsr2/ME4wTDBKMEgwRjAJBgUrDgMCGgUABBTgXIsxbvr2lBkPpoIEVRE6gHlCnAQUm%2BIHV2ccHsBqBt5ZtJot39wZhi4CDQHjtJqhjYqpgSVpULg%3D | US | der | 468 b | whitelisted
2424 | iexplore.exe | GET | 200 | 216.58.212.163:80 | http://ocsp.pki.goog/gts1o1core/MFIwUDBOMEwwSjAJBgUrDgMCGgUABBRCRjDCJxnb3nDwj%2Fxz5aZfZjgXvAQUmNH4bhDrz5vsYJ8YkBug630J%2FSsCEQDBXqA4PHnjRAMAAAAAy8%2B6 | US | der | 472 b | whitelisted
2424 | iexplore.exe | GET | 200 | 216.58.212.163:80 | http://ocsp.pki.goog/gts1o1core/MFEwTzBNMEswSTAJBgUrDgMCGgUABBRCRjDCJxnb3nDwj%2Fxz5aZfZjgXvAQUmNH4bhDrz5vsYJ8YkBug630J%2FSsCEBvy7wrBJoLFAwAAAADLz1Y%3D | US | der | 471 b | whitelisted
2424 | iexplore.exe | GET | 200 | 216.58.212.163:80 | http://ocsp.pki.goog/gts1o1core/MFIwUDBOMEwwSjAJBgUrDgMCGgUABBRCRjDCJxnb3nDwj%2Fxz5aZfZjgXvAQUmNH4bhDrz5vsYJ8YkBug630J%2FSsCEQDBXqA4PHnjRAMAAAAAy8%2B6 | US | der | 472 b | whitelisted
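Every HTTP request in the table above is a plain-HTTP OCSP GET, which is what the "Reads settings of System Certificates" indicator and the CryptnetUrlCache drops correspond to: the browser checking revocation for the site's certificate chain. The path segment after the responder prefix is a base64, percent-encoded DER OCSPRequest (RFC 6960, Appendix A). The following Python is an added example, not part of the ANY.RUN report and not ANY.RUN's code; it decodes that request with a minimal DER reader and the standard library only, so an analyst can see which issuer hashes and certificate serial were queried without a PCAP. Function names such as parse_ocsp_get_url are my own.

```python
"""Decode the CertID carried in an OCSP GET request URL (RFC 6960, Appendix A).

Added example for this report, not ANY.RUN code. Standard library only, so it
runs offline on the URLs listed in the HTTP requests table.
"""
import base64
from urllib.parse import unquote, urlsplit

# Hash algorithm OIDs commonly seen in CertID.hashAlgorithm.
HASH_OIDS = {
    "1.3.14.3.2.26": "sha1",
    "2.16.840.1.101.3.4.2.1": "sha256",
}


def read_tlv(buf, pos):
    """Return (tag, value, next_pos) for the DER element starting at buf[pos]."""
    tag = buf[pos]
    length = buf[pos + 1]
    pos += 2
    if length & 0x80:  # long-form length: low 7 bits give the byte count
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("DER element runs past end of buffer")
    return tag, buf[pos:pos + length], pos + length


def children(value):
    """Split the content of a constructed element into (tag, value) children."""
    out, pos = [], 0
    while pos < len(value):
        tag, inner, pos = read_tlv(value, pos)
        out.append((tag, inner))
    return out


def oid_to_str(raw):
    """Dotted-decimal form of a DER OBJECT IDENTIFIER payload."""
    arcs = [raw[0] // 40, raw[0] % 40]
    acc = 0
    for b in raw[1:]:
        acc = (acc << 7) | (b & 0x7F)
        if not b & 0x80:  # last base-128 digit of this arc
            arcs.append(acc)
            acc = 0
    return ".".join(str(a) for a in arcs)


def parse_ocsp_get_url(url):
    """Return responder host plus the first CertID of an OCSP GET request URL."""
    parts = urlsplit(url)
    # Split on "/" before percent-decoding so an encoded "%2F" inside the
    # base64 request is not mistaken for a path separator.
    b64 = unquote(parts.path.rsplit("/", 1)[-1])
    der = base64.b64decode(b64)

    tag, ocsp_request, _ = read_tlv(der, 0)
    if tag != 0x30:
        raise ValueError("not an OCSPRequest SEQUENCE")
    tbs_request = children(ocsp_request)[0][1]  # tbsRequest
    # requestList is the first SEQUENCE; an optional [0] version or
    # [1] requestorName (context tags 0xA0 / 0xA1) may precede it.
    request_list = next(v for t, v in children(tbs_request) if t == 0x30)
    first_request = children(request_list)[0][1]  # Request
    cert_id = children(first_request)[0][1]       # CertID
    alg, name_hash, key_hash, serial = children(cert_id)[:4]
    oid = oid_to_str(children(alg[1])[0][1])      # AlgorithmIdentifier.algorithm
    return {
        "responder": parts.netloc,
        "hash_algorithm": oid,
        "hash_name": HASH_OIDS.get(oid, "unknown"),
        "issuer_name_hash": name_hash[1].hex(),
        "issuer_key_hash": key_hash[1].hex(),
        # DER INTEGER bytes as-is; a leading 00 may appear when the high bit is set.
        "serial_number": serial[1].hex(),
    }


if __name__ == "__main__":
    # First OCSP request from the HTTP requests table in this report.
    url = ("http://ocsp.pki.goog/gsr2/ME4wTDBKMEgwRjAJBgUrDgMCGgUABBTgXIsxbvr2lBkPpoIEVRE6gHlCnAQUm"
           "%2BIHV2ccHsBqBt5ZtJot39wZhi4CDQHjtJqhjYqpgSVpULg%3D")
    for key, value in parse_ocsp_get_url(url).items():
        print(f"{key}: {value}")
```

For the /gsr2/ request above the decoder reports a SHA-1 CertID with issuer key hash 9be20757671c1ec06a06de59b49a2ddfdc19862e and serial 01e3b49aa18d8aa981256950b8; comparing the issuer key hash against the Subject Key Identifier of the root you expect for the site, and the serial against the intermediate actually served, is the quick way to confirm this traffic is ordinary chain validation rather than something hiding behind an OCSP-looking URL. The same function works unchanged on the ocsp.comodoca.com and ocsp.usertrust.com URLs in the table.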

Connections

PID | Process | IP | Domain | ASN | CN | Reputation
2424 | iexplore.exe | 104.18.5.207:443 | www.redgifs.com | Cloudflare Inc | US | unknown
2424 | iexplore.exe | 93.184.220.29:80 | ocsp.digicert.com | MCI Communications Services, Inc. d/b/a Verizon Business | US | whitelisted
2424 | iexplore.exe | 172.217.18.106:443 | fonts.googleapis.com | Google Inc. | US | whitelisted
2424 | iexplore.exe | 67.27.235.121:443 | cdn.tsyndicate.com | Level 3 Communications, Inc. | US | unknown
2424 | iexplore.exe | 172.217.20.8:443 | www.googletagmanager.com | Google Inc. | US | suspicious
2424 | iexplore.exe | 104.18.4.207:443 | www.redgifs.com | Cloudflare Inc | US | unknown
2424 | iexplore.exe | 142.250.186.68:443 | www.google.com | Google Inc. | US | whitelisted
(not shown) | (not shown) | 151.139.128.14:80 | ocsp.comodoca.com | Highwinds Network Group, Inc. | US | suspicious
2424 | iexplore.exe | 151.139.128.14:80 | ocsp.comodoca.com | Highwinds Network Group, Inc. | US | suspicious
2424 | iexplore.exe | 216.58.212.163:80 | ocsp.pki.goog | Google Inc. | US | whitelisted

DNS requests

Domain | IP | Reputation
www.redgifs.com | 104.18.5.207, 104.18.4.207 | whitelisted
ocsp.digicert.com | 93.184.220.29 | whitelisted
api.bing.com | 13.107.13.80 | whitelisted
www.bing.com | 131.253.33.200, 13.107.22.200 | whitelisted
cdn.tsyndicate.com | 67.27.235.121, 8.241.89.121, 8.241.11.121 | unknown
fonts.googleapis.com | 172.217.18.106 | whitelisted
thumbs2.redgifs.com | 104.18.4.207, 104.18.5.207 | whitelisted
www.googletagmanager.com | 172.217.20.8 | whitelisted
www.google.com | 142.250.186.68 | malicious
ocsp.comodoca.com | 151.139.128.14 | whitelisted

Threats

No threats detected
No debug info