URL: http://www.cvaccordinddg.cam/candor-Storeyed/7ec4R2395f86my12q1cecdC3abaN19WFDFDGa4fgsvxIwEGsi8yR0nQnKK6M1wGR06lzyWHt

Full analysis: https://app.any.run/tasks/334210b4-fed1-4a5e-8b70-b6c5cb7837d2
Verdict: Malicious activity
Analysis date: January 24, 2022, 16:50:24
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:
MD5: A46A39381107EB7EB9BFAA2E0C4F242A
SHA1: 8D15E1D830C4977DE26568FC0E10E5C6CAD83C0B
SHA256: A41CD0F4BBDE0F1CF2224B42CD9D87416049763AF3C38E2A80A27611AB194ABE
SSDEEP: 3:N1KJS4Ya0LEKGELGI2xBJk3Ec7UXWmgCri4JRMKGoh1TJv:Cc4D0GieH+1hmrrRJRMKGC3v

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    No malicious indicators.
  • SUSPICIOUS

    • Reads Microsoft Outlook installation path

      • iexplore.exe (PID: 2504)
  • INFO

    • Reads the computer name

      • iexplore.exe (PID: 2824)
      • iexplore.exe (PID: 2504)
    • Checks supported languages

      • iexplore.exe (PID: 2504)
      • iexplore.exe (PID: 2824)
    • Application launched itself

      • iexplore.exe (PID: 2824)
    • Changes internet zones settings

      • iexplore.exe (PID: 2824)
    • Reads settings of System Certificates

      • iexplore.exe (PID: 2824)
      • iexplore.exe (PID: 2504)
    • Reads internet explorer settings

      • iexplore.exe (PID: 2504)
    • Checks Windows Trust Settings

      • iexplore.exe (PID: 2824)
      • iexplore.exe (PID: 2504)
    • Creates files in the user directory

      • iexplore.exe (PID: 2504)
      • iexplore.exe (PID: 2824)
    • Changes settings of System certificates

      • iexplore.exe (PID: 2824)
    • Adds / modifies Windows certificates

      • iexplore.exe (PID: 2824)
No Malware configuration.
No data.
All screenshots are available in the full report
Total processes: 36
Monitored processes: 2
Malicious processes: 0
Suspicious processes: 0

Behavior graph: start -> iexplore.exe -> iexplore.exe

Process information

PID 2824
  CMD: "C:\Program Files\Internet Explorer\iexplore.exe" "http://www.cvaccordinddg.cam/candor-Storeyed/7ec4R2395f86my12q1cecdC3abaN19WFDFDGa4fgsvxIwEGsi8yR0nQnKK6M1wGR06lzyWHt"
  Path: C:\Program Files\Internet Explorer\iexplore.exe
  Parent process: Explorer.EXE
  User: admin
  Company: Microsoft Corporation
  Integrity Level: MEDIUM
  Description: Internet Explorer
  Version: 11.00.9600.16428 (winblue_gdr.131013-1700)

PID 2504
  CMD: "C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:2824 CREDAT:267521 /prefetch:2
  Path: C:\Program Files\Internet Explorer\iexplore.exe
  Parent process: iexplore.exe
  User: admin
  Company: Microsoft Corporation
  Integrity Level: LOW
  Description: Internet Explorer
  Version: 11.00.9600.16428 (winblue_gdr.131013-1700)
Total events: 14 213
Read events: 14 079
Write events: 0
Delete events: 0

Modification events: No data

Executable files: 0
Suspicious files: 10
Text files: 67
Unknown types: 5

Dropped files

PID | Process | Type
  Filename, MD5, SHA256

2504 | iexplore.exe | text
  C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\YIYEAKCX.txt
  MD5: C8FBFA2CF07C2110AA175DF67096B389
  SHA256: A1A1344D159C2558AAAAA8795C7D4DA40A44C8E221655C3AB3276D21B37FB6AD
2824 | iexplore.exe | der
  C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\6BADA8974A10C4BD62CC921D13E43B18_711ED44619924BA6DC33E69F97E7FF63
  MD5: FC990EAA7247546FB67C18916A4CAC9B
  SHA256: 294F5BE9159C87842AD3173FE7CDA168C9F2010C6D428085A8AC30EF436CA993
2504 | iexplore.exe | text
  C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\UM60XW7Q.txt
  MD5: E7B4D9BEB261ECF70F225F3A66CBFC30
  SHA256: ED16D6AA5ADEAF9872433D93FC18112B14B74287907789DA24BC521E74042D42
2504 | iexplore.exe | text
  C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\90X4G0AH.txt
  MD5: 830ADBC7AC9D9DDD4220D856AF516636
  SHA256: 0A17E752EF6DD3477AFE4E22378EA12B9925A4D446DA4A69B9E78EFBD4AFA667
2504 | iexplore.exe | text
  C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\MFAQUS6V\cf.errors[1].css
  MD5: B404C45EA3C3996B2EEADA6C5EA6B2C7
  SHA256: 16FD28061D42CF29268600418D5AA26B585435027CA599A42141CBC820F2547C
2824 | iexplore.exe | binary
  C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
  MD5: C466B3829EE774563FB904BEFE6FDBA2
  SHA256: D8E7870AA12B96DC0AACCFF82317ACF32E95031989DF067D389A04D699A5B41B
2824 | iexplore.exe | binary
  C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\6BADA8974A10C4BD62CC921D13E43B18_711ED44619924BA6DC33E69F97E7FF63
  MD5: 54226BD6D019D54ECEF77E5482A06D64
  SHA256: 4F813C5A7310F15B511C132AD4390064AEC5AB31636822FDDA923250BE23FCAB
2824 | iexplore.exe | der
  C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
  MD5: 111DCDB55A88510DB3C1E141A0EA1538
  SHA256: 022A2CD07C65A61F3419427C0D278028CC8FD3C40D593279C2035D881013973B
2504 | iexplore.exe | text
  C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\NMX8XONJ.txt
  MD5: 4FA13BA89EF8108D273F0636D296A7F9
  SHA256: 6683B571F29E454D9A6083A3BC228DCACD8B2A339959138A9521C5D695B83630
2504 | iexplore.exe | text
  C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\UZH8L029.txt
  MD5: E2DCFAB89B386076B5913588CC27CE7C
  SHA256: 98597C2217C8B418E6C0D389FEA96BF50DCDAA12AF8D524A1CEE6145C05704D1
HTTP(S) requests: 26
TCP/UDP connections: 61
DNS requests: 16
Threats: 0

HTTP requests

PID | Process | Method | HTTP Code | IP | CN | Type | Size | Reputation
  URL

2824 | iexplore.exe | GET | 200 | 93.184.220.29:80 | US | der | 1.47 Kb | whitelisted
  http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEA8Ull8gIGmZT9XHrHiJQeI%3D
2504 | iexplore.exe | GET | 200 | 104.21.66.105:80 | US | text | 4.32 Kb | suspicious
  http://www.cvaccordinddg.cam/cdn-cgi/styles/cf.errors.css
2504 | iexplore.exe | GET | 200 | 104.21.66.105:80 | US | text | 13.8 Kb | suspicious
  http://www.cvaccordinddg.cam/cdn-cgi/challenge-platform/h/b/orchestrate/managed/v1?ray=6d2ac364eb123b61
2504 | iexplore.exe | GET | 403 | 104.21.66.105:80 | US | html | 5.76 Kb | suspicious
  http://www.cvaccordinddg.cam/candor-Storeyed/7ec4R2395f86my12q1cecdC3abaN19WFDFDGa4fgsvxIwEGsi8yR0nQnKK6M1wGR06lzyWHt
2504 | iexplore.exe | POST | 200 | 104.21.66.105:80 | US | text | 84.0 Kb | suspicious
  http://www.cvaccordinddg.cam/cdn-cgi/challenge-platform/h/b/flow/ov1/0.03821260931306355:1643040211:3eb4378c9a9f3f4b52bf93037c81e2ed9af3c46bba39aab8094100fcd2aefe13/6d2ac364eb123b61/63b053ad137ed9b
2504 | iexplore.exe | POST | - | 104.21.66.105:80 | US | - | - | suspicious
  http://www.cvaccordinddg.cam/cdn-cgi/challenge-platform/h/b/flow/ov1/0.03821260931306355:1643040211:3eb4378c9a9f3f4b52bf93037c81e2ed9af3c46bba39aab8094100fcd2aefe13/6d2ac364eb123b61/63b053ad137ed9b
2504 | iexplore.exe | GET | 200 | 104.21.66.105:80 | US | image | 396 b | suspicious
  http://www.cvaccordinddg.cam/cdn-cgi/challenge-platform/h/b/img/6d2ac364eb123b61/2fab545c/b836b69d9c5476c-1643043057978
2504 | iexplore.exe | GET | 403 | 104.21.66.105:80 | US | html | 5.78 Kb | suspicious
  http://www.cvaccordinddg.cam/candor-Storeyed/7ec4R2395f86my12q1cecdC3abaN19WFDFDGa4fgsvxIwEGsi8yR0nQnKK6M1wGR06lzyWHt
2504 | iexplore.exe | GET | 200 | 104.21.66.105:80 | US | image | 715 b | suspicious
  http://www.cvaccordinddg.cam/cdn-cgi/images/browser-bar.png?1376755637
2504 | iexplore.exe | GET | 200 | 104.21.66.105:80 | US | image | 42 b | suspicious
  http://www.cvaccordinddg.cam/cdn-cgi/images/trace/captcha/nojs/h/transparent.gif?ray=6d2ac364eb123b61

Connections

PID | Process | IP | Domain | ASN | CN | Reputation
2824 | iexplore.exe | 204.79.197.200:443 | www.bing.com | Microsoft Corporation | US | whitelisted
- | - | 204.79.197.200:443 | www.bing.com | Microsoft Corporation | US | whitelisted
2824 | iexplore.exe | 209.197.3.8:80 | ctldl.windowsupdate.com | Highwinds Network Group, Inc. | US | whitelisted
2824 | iexplore.exe | 13.107.21.200:443 | www.bing.com | Microsoft Corporation | US | whitelisted
2824 | iexplore.exe | 93.184.220.29:80 | ocsp.digicert.com | MCI Communications Services, Inc. d/b/a Verizon Business | US | whitelisted
2504 | iexplore.exe | 104.21.66.105:80 | www.cvaccordinddg.cam | Cloudflare Inc | US | suspicious
2504 | iexplore.exe | 172.67.203.159:80 | www.cvaccordinddg.cam | - | US | unknown
2824 | iexplore.exe | 152.199.19.161:443 | iecvlist.microsoft.com | MCI Communications Services, Inc. d/b/a Verizon Business | US | whitelisted
2504 | iexplore.exe | 104.16.169.131:443 | hcaptcha.com | Cloudflare Inc | US | unknown
2824 | iexplore.exe | 131.253.33.203:443 | www.msn.com | Microsoft Corporation | US | whitelisted

DNS requests

Domain | IP | Reputation
www.cvaccordinddg.cam | 104.21.66.105, 172.67.203.159 | suspicious
api.bing.com | 13.107.13.80 | whitelisted
www.bing.com | 204.79.197.200, 13.107.21.200 | whitelisted
ctldl.windowsupdate.com | 209.197.3.8 | whitelisted
ocsp.digicert.com | 93.184.220.29 | whitelisted
hcaptcha.com | 104.16.169.131, 104.16.168.131 | whitelisted
iecvlist.microsoft.com | 152.199.19.161 | whitelisted
r20swj13mr.microsoft.com | 152.199.19.161 | whitelisted
newassets.hcaptcha.com | 104.16.169.131, 104.16.168.131 | whitelisted
imgs.hcaptcha.com | 104.16.169.131, 104.16.168.131 | whitelisted

Threats

PID | Process | Class | Message
2504 | iexplore.exe | Potentially Bad Traffic | ET INFO HTTP Request to a *.cam domain (10 identical alerts)
No debug info