analyze malware
  • Huge database of samples and IOCs
  • Custom VM setup
  • Unlimited submissions
  • Interactive approach
Sign up, it’s free
File name:

Ericsson file 47517.htm

Full analysis: https://app.any.run/tasks/26c10394-9731-4ad2-8717-ff8c620cfad3
Verdict: Malicious activity
Analysis date: January 25, 2022, 03:16:11
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:
MIME: text/html
File info: HTML document, ASCII text, with very long lines, with CRLF line terminators
MD5:

DB2FDB6EE7E1B9C42EB7D1AB170126C3

SHA1:

1E9DB350FFB7B5BD7560F37DD5251524BBD0B74D

SHA256:

A8178C599A312D9A4866A85B4B9EAE671F600BC2431570536246F32479C99EEE

SSDEEP:

384:+w5qQfYTKLcTA5ceXUW6HZpwi4oe6a0C2e1THLQTa1O2Rl:aQfc7TAYNE6aGexLUa1O2Rl

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

  • MALICIOUS

    No malicious indicators.

  • SUSPICIOUS

    • Reads Microsoft Outlook installation path

      • iexplore.exe (PID: 4016)
      • iexplore.exe (PID: 4012)
      • iexplore.exe (PID: 3980)

  • INFO

    • Reads the computer name

      • iexplore.exe (PID: 3980)
      • iexplore.exe (PID: 4016)
      • iexplore.exe (PID: 4012)
      • iexplore.exe (PID: 2256)

    • Checks supported languages

      • iexplore.exe (PID: 4016)
      • iexplore.exe (PID: 3980)
      • iexplore.exe (PID: 4012)
      • iexplore.exe (PID: 2256)

    • Application launched itself

      • iexplore.exe (PID: 3980)
      • iexplore.exe (PID: 4016)

    • Changes internet zones settings

      • iexplore.exe (PID: 3980)

    • Reads settings of System Certificates

      • iexplore.exe (PID: 4016)
      • iexplore.exe (PID: 4012)
      • iexplore.exe (PID: 3980)

    • Checks Windows Trust Settings

      • iexplore.exe (PID: 4016)
      • iexplore.exe (PID: 4012)
      • iexplore.exe (PID: 3980)

    • Reads internet explorer settings

      • iexplore.exe (PID: 4016)
      • iexplore.exe (PID: 4012)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.

TRiD

.html | HyperText Markup Language (100)
No data.
screenshotscreenshotscreenshot
All screenshots are available in the full report
All screenshots are available in the full report
Total processes
39
Monitored processes
4
Malicious processes
0
Suspicious processes
0

Behavior graph

Click at the process to see the details
start iexplore.exe iexplore.exe iexplore.exe iexplore.exe no specs

Process information

PID
CMD
Path
Indicators
Parent process
3980"C:\Program Files\Internet Explorer\iexplore.exe" "C:\Users\admin\AppData\Local\Temp\Ericsson file 47517.htm.html"C:\Program Files\Internet Explorer\iexplore.exe
Explorer.EXE
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Internet Explorer
Version:
11.00.9600.16428 (winblue_gdr.131013-1700)
4016"C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:3980 CREDAT:144385 /prefetch:2C:\Program Files\Internet Explorer\iexplore.exe
iexplore.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Internet Explorer
Version:
11.00.9600.16428 (winblue_gdr.131013-1700)
4012"C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:3980 CREDAT:275461 /prefetch:2C:\Program Files\Internet Explorer\iexplore.exe
iexplore.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Internet Explorer
Version:
11.00.9600.16428 (winblue_gdr.131013-1700)
2256"C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:3980 CREDAT:398593 /prefetch:2C:\Program Files\Internet Explorer\iexplore.exeiexplore.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Internet Explorer
Version:
11.00.9600.16428 (winblue_gdr.131013-1700)
Total events
21 823
Read events
21 649
Write events
0
Delete events
0

Modification events

No data
Executable files
0
Suspicious files
2
Text files
0
Unknown types
0

Dropped files

PID
Process
Filename
Type
4016iexplore.exeC:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\57C8EDB95DF3F0AD4EE2DC2B8CFD4157binary
MD5:B3875551FF78EA6D3B89FB40E2EA9127
SHA256:5E91A299203E00A58961B52B242BE367715131EFD077A8E0219B2357B405C317
4016iexplore.exeC:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\57C8EDB95DF3F0AD4EE2DC2B8CFD4157compressed
MD5:F7DCB24540769805E5BB30D193944DCE
SHA256:6B88C6AC55BBD6FEA0EBE5A760D1AD2CFCE251C59D0151A1400701CB927E36EA
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
4
TCP/UDP connections
19
DNS requests
9
Threats
0

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
4012
iexplore.exe
GET
200
8.253.208.121:80
http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?03c71ce1e997afee
US
compressed
4.70 Kb
whitelisted
4016
iexplore.exe
GET
200
8.238.21.254:80
http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?5b810eac8f0d199b
US
compressed
4.70 Kb
whitelisted
4016
iexplore.exe
GET
200
8.238.21.254:80
http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?c11a9e5204e805b1
US
compressed
4.70 Kb
whitelisted
4012
iexplore.exe
GET
200
8.253.208.121:80
http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?1a08b4e3bc81ac79
US
compressed
4.70 Kb
whitelisted
Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
4016
iexplore.exe
162.159.137.85:443
api.statvoo.com
Cloudflare Inc
malicious
4012
iexplore.exe
162.159.137.85:443
api.statvoo.com
Cloudflare Inc
malicious
4016
iexplore.exe
8.238.21.254:80
ctldl.windowsupdate.com
Level 3 Communications, Inc.
US
unknown
4012
iexplore.exe
8.238.21.254:80
ctldl.windowsupdate.com
Level 3 Communications, Inc.
US
unknown
3980
iexplore.exe
204.79.197.200:443
www.bing.com
Microsoft Corporation
US
whitelisted
4012
iexplore.exe
8.253.208.121:80
ctldl.windowsupdate.com
Level 3 Communications, Inc.
US
unknown
152.199.19.161:443
iecvlist.microsoft.com
MCI Communications Services, Inc. d/b/a Verizon Business
US
whitelisted
4012
iexplore.exe
152.199.19.161:443
iecvlist.microsoft.com
MCI Communications Services, Inc. d/b/a Verizon Business
US
whitelisted
3980
iexplore.exe
152.199.19.161:443
iecvlist.microsoft.com
MCI Communications Services, Inc. d/b/a Verizon Business
US
whitelisted
162.159.137.85:443
api.statvoo.com
Cloudflare Inc
malicious

DNS requests

Domain
IP
Reputation
api.statvoo.com
  • 162.159.137.85
  • 162.159.138.85
whitelisted
ctldl.windowsupdate.com
  • 8.238.21.254
  • 8.253.208.121
  • 8.238.23.254
  • 8.248.5.254
  • 8.247.211.126
whitelisted
api.bing.com
  • 13.107.5.80
whitelisted
www.bing.com
  • 204.79.197.200
  • 13.107.21.200
whitelisted
iecvlist.microsoft.com
  • 152.199.19.161
whitelisted
r20swj13mr.microsoft.com
  • 152.199.19.161
whitelisted

Threats

Found threats are available for the paid subscriptions
11 ETPRO signatures available at the full report
No debug info
Interactive malware hunting service ANY.RUN
© 2017-2024 ANY.RUN LLC. ALL RIGHTS RESERVED
ANY.RUN
Reports
Ericsson file 47517.htm